MAL-2025-188458 Malicious code in optimize-theta-process-cluster-dog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb2b3e9d3328a363fb5b4710efab7a9851461ed3577869eae397a170f5d2476d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in areology-eleventy-cassini-filament (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba97426e3f33f6de299e1fcfff8dfee76502d5f73058164cf60ca33917a24a22 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190126 Malicious code in user-refactor-cluster-transpile-eta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f18892cb120efd30e52630d809cf1105bfccbab7aaa211fe691e458990281176 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in superagent-singularity-singularitarianism-vega (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cbdaa1d54bbc61f1ea74857628bad1ed29b040508630d98c1a955535b5c8217 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bioinformatics-pino-pretty-mutation-vuepress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68d27958147cb7cd276409e0d52dcc556e3c5e0d323436adbab13384b0788339 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in html-webpack-plugin-vega-atlas-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72fd14fbfa7df3518df196ac7331d4c07644a19e457f73f31be91ee9ab01ce42 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in meissa-optimize-css-assets-webpack-plugin-express-lint-staged (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3eedff5af78c38d953cd8a24a97713690a208d01ffa5df7018314e5f3ba5667 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vuepress-update-canopus-zooarchaeology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c0ba2e936fb4ba21ad01bbf840125a863fbb501192f3e88e43e962473e8fb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in perseus-xenon-grus-polaris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3dba22527ed8f27d29b6a277c13c56373df6604a117eb21a0e723a31111238f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wormhole-gammarayburst-nanotechnology-umbriel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6173007b055d80b43e6ee86ba3c832ce5faa5be4113dba6fb9c9438b48c896c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in runtime-parse-user-authenticate-runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 164dbfef9ef242d560dd9d9d3dd6fd1c685123e8497af22e16d59bf89ea029dc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ablation-semantic-ui-readable-xerxes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deb999c04b781769ca44990d467de461dd690a88b83be66c974ada6a559b8a19 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bootstrap-cluster-fornax-link (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f68c8b328a4fdb50634ae09eb0a5a69120d6aedc072cba9562ccade41a2e33e6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in paleobotany-callback-magnetosphere-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3807a382eaab7b6dc18c824020eee07237a4b8b751bce450c8263e83120b7859 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in zephyr-ganymede-fomalhaut-hercules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 400d2c278a0302d618f65ae002e9c82387d30f08742bf4fd5af0b01c9082a40f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lacerta-chalk-ini-neptune (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45cf21208b56ae1d0da3be8ce48b148ac7f6247e8b2ee4ddf53e45b162060b7b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in europa-polaris-terraforming-cz-conventional-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff57b3d746be81aa8058b5f693a6d9942341db5f639aafa79ac47627b36a01ca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in moon-old-gamma-deploy-cloud (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b5c4869ddd3ada1d30aaaa35c240e8d99748ce6917156ee14dd323fe2ec849a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in info-user-wind-book-sanitize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d4dc5a534fea20aed19a4422309665c2027ecc15737ec3222b93f3a598ec91f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in beta-grep-cron-omega-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52a7b28f9b754e69ce8bc73ff34806e5dadea1d590ec27f52ea85800891c06c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...