MAL-2025-189951 Malicious code in toml-superflare-rollup-algol (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2095f2a643f3176f7194ca9b7fb58c358babba6c0b9e2607bb10894b52696ec0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189850 Malicious code in tectonophysics-sequelize-whitedwarf-ultra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6a418c5c79fe80c62d72488d51e495118660bbfd475cdb942da5cab826ad3c4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187600 Malicious code in javascript-start-halley-eclipse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d50e0398241b84ce5aba22460a7ac42df758107bb13bfd8e52d696c2989eed4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189313 Malicious code in sagitta-izar-dagda-nightmare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d66262e7994275c6b59e3b7a607c7666b8e30293a518ce04b1601aa91f38c93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185452 Malicious code in analyze-key-simple-long-gamma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e514424d8e9ddb35b422455db45cf7ce03fa1751161b423a15bcbc55cdae5583 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190454 Malicious code in zenobia-quantum-yakutsk-superflare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5b7a0791f6b5f95dccbeba085fd172ab4e21e61722e6d0b80572279f26615b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187828 Malicious code in load-fire-balance-try-old (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ed8bd45f714ed76dc28e104d80484f6275477e646f6d793386b90377bb12749 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185354 Malicious code in abiogenesis-cli-start-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8fedbe24747fad784a07c56896720db43b38226d30e4d557281b607426d706a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185781 Malicious code in beta-grep-cron-omega-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52a7b28f9b754e69ce8bc73ff34806e5dadea1d590ec27f52ea85800891c06c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186404 Malicious code in cryptography-epimetheus-prettier-plugin-markdown-run-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2e74f3563293b19e2d0093030d411190de1d0d6a99c8d37a5480f44a9cffb1b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in css-minimizer-webpack-plugin-virtualreality-ignite-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47ba110c672d536891660dda1ec49413f5e7a6c719c9586868aac72f13acdad0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in double-rain-protected-import-monitor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8581e04e65ec57750c45a77518bc0bde32027cce7cec3092673048972abc390a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fast-sudo-fire-chi-authenticate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473767456809b39e8ef62ee3a7bec7778b63f84616c733ac7fb4a6d0a155a791 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mocha-neptunology-flare-galaxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6d37bf0614ce1300b08987292992ee91266002a191b2baf94fb221bc877a9b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in enum-parse-protected-kernel-refactor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0dbeea8703cb39fdaebdb0eae171d5530df87e6fb81440888d36ce34490e657 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in orogeny-fork-query-troposphere (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c492b47b53956d011ee186610884f977d3c12e41fc55e4512fa5e5ac20842815 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in upgrade-hexo-gulp-cosmogenic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fec89a7eb1a0e703849d699b2b85e2ad103da3e48674eb73284410a4a4e69b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in iota-less-loader-commitlint-config-angular-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc9a2cc8ab09085bacdd14c9dfdd31ec3738bd42d232c1c5a7b3a72c15ab2016 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in test-janus-eslint-config-materialize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec79023492b97711616187adb7b16741d7d4baf291a1de140a8c20060aa9f434 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pino-avior-nightwatch-betelgeuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e4d3ae1a586ca72cce709675ce0fa9bc7536fad5bcf6063f22852797657cdec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...