MAL-2025-188446 Malicious code in ophiuchus-whitedwarf-sirius-altair (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d1d56c997058613f2deb0d5a6c57b6cb177fec88fcd80aa4621f487887dd2a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in meteor-spectron-webdriver-ignite-spawn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7825fb698098acfc9237bd9d71a9037ffc59b30a8a2d44a9f74468e7506bfceb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in planetology-stratosphere-library-csrf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eadd62ef40f3b877824eeb1b48d4aef2ca574fcb0f1eb2abe17dc8802ac3c894 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in chi-cron-sudo-finally-visualize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f262c0847ee6c703a9a8776e767b4e57c2edf2656b7acb15a3ac0585351622ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in callback-elara-hadron-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c5e131353d5f6106fa2496e00f7ad443ad3e792fa0a1d9faf3e536b245446df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in async-command-farout-hexo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0253e71a4c0ddba50faf95c0847a068798e928497068a0ce75230dae1f5950a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in thermochronology-paleoclimatology-redgiant-celeste (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 979cd12d958283fd1c23bf6a1078f71dca9dda1c7468c9b295f649ed3ddb719f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187924 Malicious code in markdown-dotenv-whitedwarf-decoherence (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5aaa9a0b578f1e3065838d076e1317f2e55e73fa4a622e040910b8fa3e0bf73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189533 Malicious code in slidev-airbnb-phoebe-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c147ec56a928418476ff97b2e80c13cc416a46f542363a1697c6b3d4e2801313 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in transform-blitz-element-ui-helios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f0718911e1bd9246bcc62a5c6328b03e3846539f5bb7a874229116d8f787ff8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ursa-auth0-delphinus-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a3d75c84533df7d7cbc4e6990cd81f583a0ee3f1095671e9cad2c2b7ff44e9e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189058 Malicious code in radiant-on-oscillation-indus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17ca9d06180b7ce0f8167aa6796479c6ce559c18461c3ecc78a266ab88af199d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in algol-troposphere-bellatrix-oortcloud (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88490cdb1401356b32291487c355209f19652c109aee91f3a7950f1f3937bc04 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in virtualize-reject-secure-finally-function (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c2d4b6d8c1cf607c34947c1092356b4306699e741e0587ad20bf50524ad08a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189334 Malicious code in sails-winston-radioastronomy-charon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cba6305df4d60ccf768e7bee2c868494cc894ecca3c96bd0b67d8009bd1a94cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in astam-ifit-dabtauzbdami (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84655bdfa4fce4c7da62d1562b3724947bc57f7d107e1ef0154570ec15105f76 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in odasv-kiuu-bofauffsni (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bafe2ba65bdffbca4b1c025e2a54ad713667dd618400e18bb0461f202de65a81 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lomi-ifush-ugofa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c8e18f38edbba8b29d881ed50330de5f917b458ceff9378ee7ba9cf48ac9e80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-181749 Malicious code in avangi-ogolia-inualumi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f5a7d394174345daac9ba53c7ca8ac328935889698ca5cc0084e8fe4f226352 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-180306 Malicious code in teate-thy-sonic-dorho (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ab6fbe30a84f6da804e26788383661a814c86aa94029fbcbc17dc8c9137bb5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...