MAL-2025-190335 Malicious code in winston-leda-mesosphere-umbra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c55ac0c1e1677bbe795f58c9d6316ea72e59e3380904b89eeabd1a4e3609525 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190177 Malicious code in void-cassini-thermosphere-cosmicsilence (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40d4ba453816a13301206fa5ce0d185840b92860d050bfe09f03edf00a9323cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186782 Malicious code in epimetheus-chalk-frontend-fomalhaut (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48c09eff222393f1709ec49ab01a7bc1a422e0f9747c89765ff069e1c9a61b62 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190394 Malicious code in xml-eris-lyra-tectonophysics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f15351ff000357cf55920a6174c8fb220b1b8986f075040a4534a6af1db182d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188911 Malicious code in proxima-dotenv-safe-carpo-release-it (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 809ba230c6e94942943f5a24f1f5fe052d4c80da9132b34a273195324e638143 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186517 Malicious code in deimos-koa-build-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a36c41fcb310eff78aafc5e8df244c1040a53162533a3e6f7026cd926873e7c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188953 Malicious code in publish-oscillation-astrochemistry-spectron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 154fe20109457e48fa5577f4bc485d5bda793bf620237fb9f1e818447da6ba67 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189445 Malicious code in sequelize-ophiuchus-parcel-procyon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f3fa16271461dc63fcaae96ca9ec7cfde5867ab6ac8758b77839076758c41ac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186720 Malicious code in emulate-catch-file-mu-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 780b4f9548afe60317b667414bbc56a8f0601ac37ed12885df88706ecec718ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185394 Malicious code in aether-pulsar-polaris-aldebaran (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91d89cbaa30e7fe600859577ad2f26ec0d66a81fd877ec655c5d214083593fbf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188520 Malicious code in paleoecology-stop-javascript-google (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73cd29b722d214d6b0e2acba9820180b2e3a620c3035601ac2c24612996b23d3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188742 Malicious code in playwright-dotenv-parse-variables-parcel-less (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26879ce998b4d9b600336074c9192fff930a75ab32ce0d905c45dc8f8edc2942 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187355 Malicious code in hexo-publish-hexo-xo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d00717e5974b423da54268e70eeedbebfd4bb4bf7ee91f3dd7e0b29ca6d88211 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185676 Malicious code in authorize-interface-psi-orchestrate-visualize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c49c66c39ec7c53bfeb7d373b988f224b0ca9c2e4f25d92872ad9281b32dc997 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186456 Malicious code in cz-conventional-changelog-selenium-xanadu-enif (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cf8b961eeba9da8ef4f127b78faa308dd817dfdaa64410081587bb7108e7317 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190187 Malicious code in vortex-husky-sqlite-exobiology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90045f94e1d9d66252d467fa18357ac19aac151e5ea708173e4ac15adc8779ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186411 Malicious code in csrf-mutation-oauth-convict (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b3d31dcca040505ffbe98cbfdc62ec4c56c09a19695b316b97d62cbc7f6254a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187509 Malicious code in interface-iota-tau-optimize-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b927af0512416ad1b31f98ffedf703e447bf20dc26407cc26a66d63f8cf2a93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185406 Malicious code in airbnb-australis-inflation-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08ecd16b89921defad1c9b79583eedf00225da0e26f2f98dc7a866f52c72ec13 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186661 Malicious code in dysonswarm-lacerta-unuk-dynamo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1d4ff271822892355055959d5575c07ac632f3836ddd6d8337d4c9f6915e83b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...