MAL-2025-188545 Malicious code in panspermia-atlas-vortex-chakra-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1dc9f444fe4a69dd71ca44a7b6b8c4363ef408503c70deef29525151f537404f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188113 Malicious code in mongoose-docusaurus-fomalhaut-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95ce0ee2156f5fb26ee09bec3c4892bdb6c84b3ddfb7955c1a8b3bff442bd6a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190074 Malicious code in update-barnard-rigel-readable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b80c2b2d41189c75ea3088452d80ac7c923a98a02010f14f29fc8329cd007b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185920 Malicious code in buffer-apex-paleontology-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7934a4535374d05d16ea53b38d74dffb1e309e10a8580c835e0cef8416cd0341 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dotenv-parse-variables-astrobiology-readable-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 465b6023a0ca0bca6df82d4e7fea4d734021c77c8d00b4a7e90ddac9a6e59305 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xanthus-websockets-helios-duplex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6f219d623b83cc1ca2712663a18695e219e82344813cf2e184bdb096c2ed1a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in authenticate-function-scale-cloud-socket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f528c4889d7cc48c0ecdd516f266fcb56461b67b151309f56a99d332024224d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in biosignature-winston-xanthus-octans (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e90dcc2ecea82bf4db69b8db7b01c821564ccc7f9fabba05f79f2c63202efbb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in char-xml-xml-validate-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c76ac411c304d6c4ff3a8efeea7f9fe5ac89b92dfa39c8e52594a2d41d9b510 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cluster-norma-solarnebula-outercore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 310edc185150396d4084de6f1966060af47049a0250c939ebd7dfe2899c1f291 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cron-tree-query-unix-report (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f34a183643dd8952a10e6cfa7eadbc3debad2f90787679d22a85f961c815e5d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in crust-thuban-archaeogenetics-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1d77d5878eb84187eaac9705aa2e1f130b0c1a6d7d56c13ff36950c3de33028 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dendrochronology-eslint-plugin-andromeda-helios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c24345b9ae34655a19ecf0ebf2bd34e7ba0977ddeb6130cb2b356585ae554d64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eridanus-cosmicsilence-heliophysics-achernar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2c5107054f3f6315613a6ff3966d058a30d72d0ed15acf6ef1bc5665656306a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fomalhaut-nashira-webdriverio-init (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a034cd14a877e2c5d7412544ed3aa5a725a051aa47414ff2e337b9637217fcd2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in framework-baryon-install-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdbb94425720ebca1c18ce11aff5f460206bbdfd2717e2116a16769b295bf508 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in halley-subduction-zephyr-paleoclimatology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be6a4751fde16eaa87009873625b6b28179216a0bde52389669c39c7f0ee0d36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in holography-hercules-janus-postcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc0747bbcd6e1cb7fbbcd0dc7b214cd578ce9437437d5ff92c3122cd217d7f36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in isostasy-rate-limiter-miranda-chalk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8886bb1b3aa2881de5d3a090df3f702e15600943bd93f6e415c544b97c814926 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in magnetosphere-hydra-aurora-hyperion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d4c280da4088250a880f3beef154d45c9a4bd8505741d2c117a53f840d21031 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...