MAL-2025-185406 Malicious code in airbnb-australis-inflation-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08ecd16b89921defad1c9b79583eedf00225da0e26f2f98dc7a866f52c72ec13 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186661 Malicious code in dysonswarm-lacerta-unuk-dynamo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1d4ff271822892355055959d5575c07ac632f3836ddd6d8337d4c9f6915e83b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186613 Malicious code in dotenv-metalsmith-proxima-heliophysics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceb78e459424812b988b0bf3d83a8d31009b68359fced3f68f72f84d8edc0e71 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187827 Malicious code in load-abstract-final-static-pipe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b89b8ec8cc2029f323602737983cd24b79fa01ca5928af6beadf253afb737938 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186139 Malicious code in chi-route-good-integer-grep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fdf3808047bfb574e402fb26150085e65281d4b7fcfa053f879b3931c17b6b39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186375 Malicious code in cron-rho-analyze-socket-air (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3ccfff0cb2760978774c62072d2c40b1b8f36364183047d5546f5c67d0fa50b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186550 Malicious code in deneb-parallax-aldebaran-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62fdac9fb115059473ddb39de7308936fb34fee96693299f3e1aa1c9d0719d33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187222 Malicious code in greatfilter-nova-morgan-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70a41bbd5a3eb7b2cf34d987772360f300333ee568f6821c4565123bbb63346d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189690 Malicious code in string-avior-heliophysics-tachyon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f7ef6f68451c5fa51ac41295643a67cb2a6c0437ba9c76305c143de6da7c1d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188766 Malicious code in polaris-playwright-optimize-css-assets-webpack-plugin-hexo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0153c2925946fa33f509a7dc20a6a22715963f52da756ce161ceb18165fd23d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187121 Malicious code in gatsby-enif-tachyon-prosthetics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd3e1fe40b9f4663cd8b878d886d2d8206a84740ad4a30ca7055e0b73b99ffd0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186358 Malicious code in cosmos-concurrently-uninstall-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7db9ff87e8f4868bcedc7df7de1ff3a93230d3a0a503ba209371cc3b10229614 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lyra-taphonomy-fusion-exosphere (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30607827e4a44c0862bedd788a86ca7e751a17e1b53d4cbf6b813e174e0cfba4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nashira-dotenv-parse-variables-gulp-lynx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f07680065e1750d77fa79d213b3d258047a7ca301196ff1c2812354b0298015 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190412 Malicious code in xo-quasarjet-publish-npm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c1763e867baae066a361ba80be285839da38a3fe2e509a8cef6c0361ce3d3b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nebula-cosmochemistry-electron-cosmicsilence (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73c704ce8181f207b2a385dd35c0b6123c6d5424d76aed8a2fa42ab9befd4488 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cat-sudo-node-decrypt-analyze (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d0a5654a946e29c85296ee9ea01233be92fe24df0af60de4d8e5e56deb22634 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bunyan-jasmine-winston-geoarchaeology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fa105000e7cc509705628856a64c489581c50221c6ae02d7ad46d875a191553 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in boson-hugo-cosmology-mineralogy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40ddae6a0edcc1d9e0d70fd39387a1813de9df1c9e7efd7d318e9063a99699ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in leda-pegasus-magnetosphere-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 320e44886a156614cb8756afb54e4075fc58ed6bebbdd91f2cfd702bf93dd0d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...