MAL-2025-185836 Malicious code in biotechnology-apollo-rollup-plugin-nodemon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0830b98c58ab354f9147b7c6003d2a35dd551ebee55353545da36da720098ba1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185700 Malicious code in await-supercluster-prosthetics-postcss-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1842ca75811b8fd24abb3a9ba059135d9f54a7ad3dc352315b58c3ff798aa88d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187252 Malicious code in gulp-kinetic-mongodb-astrometry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7878006d6f8f7caa40ce0daf78b2c246cba2cc4a065213449dfa1b7d77e316f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186332 Malicious code in cosmiconfig-xml-rehype-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c337d51a5afe782ff83bde8f55685686a71e8d4b23d52af00c64f247b76db8e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187737 Malicious code in leda-morgan-xanthus-ophiuchus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0d4d499bb8d7e5664a8ab87aeb749fa0cf175f430a694968d93583fb239b394 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188763 Malicious code in polaris-juno-taphonomy-membrane (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57aadb0c6fc2fa048e9640b5186c58a3bf3c7e138f166b104d24916c8d7d6286 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190431 Malicious code in yildun-blitz-miranda-accretion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9aa6adbd171001d6774e9c0faf6981e1b8230bc776079be2918fc0071a823fe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187699 Malicious code in koa-eslint-plugin-corvus-dotenv-parse-variables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9921124b23b8c3333632e1a5ad8852823bbc42e2f37bc4ab4272265763d84cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185627 Malicious code in async-psi-alpha-query-theta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7530cf46aad481c6839f10e0bee406d9caae82ffc06acdedcc54ce75442b73cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190348 Malicious code in xanadu-dotenv-safe-markdownlint-materialize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3910fdac95250d53aecadede785513f9beceed180e4330b90a3808d260b82a43 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187007 Malicious code in fomalhaut-restart-loglevel-forever (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2249aa4fd99b1a153ecd1845d37c0b92b17c3447a01493b2f5ef0609f04c1196 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in deneb-parallax-aldebaran-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62fdac9fb115059473ddb39de7308936fb34fee96693299f3e1aa1c9d0719d33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pegasus-scripts-antd-antares (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 148f133e1fcaf9e6b0f51a92e0b77ef41f1bdf6ed12f5efd4ca90fe15c72a9b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pulsar-run-script-process-io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a68b094e7ac4b5b258bca7bdb56f33a009ef457bd35abd4b0bfbd4a72681e437 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cosmology-levels-terser-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 288be03c8843b42fcdfd629ae8d089e419583efc975261b79fa3e9b75d609a23 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in webdriver-manager-ethology-kastra-biotechnology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4d50f3fa880cc105429f154e2bc09e5b09429538db303307688c9609ca30e2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in awk-encode-good-byte-uglify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e4cca71a4491c633a2c7f274e3a868f88632b23381903b5fa7e387991ebc55b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in iota-aether-hawkingradiation-augmentedreality (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e0a7a9c4b6adbb29d416747efaefe914079d8722fce2307a0b32e37ccc5eb06 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in greatfilter-repository-on-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8993c23be3f620ea4cdf1b3d179ef47765d2d76f1f4247138a42102ea67ea949 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in supercluster-entanglement-firebase-multiverse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8aec89289aeb2a352ab42fd6e356c59312966fd6c9104b331eefb6c970f7fc32 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...