Malicious code in fomalhaut-restart-loglevel-forever (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2249aa4fd99b1a153ecd1845d37c0b92b17c3447a01493b2f5ef0609f04c1196 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186663 Malicious code in dysonswarm-public-mutation-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc07300ebca2f8b26a8d75a123c9110acfca5a9c9ba7c5ca0e175771df0cd378 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in aldebaran-halley-eris-rollup-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ea1ee1c5006e870f575cd778508830625614ac4f6ee77b64e52cd1cf8e291c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in apollo-dotenv-parse-variables-stratigraphy-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6b6bff1ebc61f26c983aa31d04f318f822c5eb75b154187650b15d6904971d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in await-float-optimize-route-omicron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8e098a6f9822425661851047a431e132cc1cb8d102b241a0dd8972f13b4bd22 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in axios-mineralogy-pyxis-janus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 363a084cb89546d1716a8e50fc4400ad1e5f3cd26c06fea728164d97c956c8b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bad-hash-shell-interpret-compress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 316f1a952d8d4f9ff2d20791bad79a3bf3fe3f2c8559da46bb62c4d37f47d468 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bad-transpile-xml-signal-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98b31e71ed2a6d4bf88c6076c957111d72558e44d36bf8a63e906f6074f9624f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bellatrix-panspermia-websockets-gulp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 915341c96b286908734e85176bd715f1dfd72315e39061cda0bc575fdeed03ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in changelog-gridsome-perseus-css-minimizer-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 133334c5bcc682926745fc752255a3c1e4da48e8c1e07925a14d0f505ea7526d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in commitlint-chalk-eclipse-init (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b08cb43ec4ac2e4a214da7f273798b819d8970ac0a947c0225b6f9a4d62c83b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in config-dactyl-foundation-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5de4251893f8cf0b528c2444bc8aef33307f0241ae32247dcc74b1eb4c4353bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in config-event-install-lacerta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53b410cef5e278f40d1683c3c77135d349c9f67e0537b356d77f55cbd71a3c50 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cross-env-native-centaurus-dynamo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c6dce8f7485566682baf52e3ddd7d582e7a2d2645f17719277ec2beaf0b8c56 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eigenstate-electron-builder-despina-bionics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 856bb07252bfaa1fdcf360cabcdabbb8244d7be52299c195e584d92372aa55a6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eslint-config-geckodriver-algol-middleware (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb91f3db2f6f339619f29bd1ad8766449fbb43717aef0c7e9130729b1287949a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in husky-bulma-nebula-concurrently (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 029de86705f76c06a577e00966fac5cdab3d36021be7d50cec1844bd03f7b785 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hyperion-build-style-loader-lynx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12c2c49786a819fb2277b7d7fe04a6cc6c4ad22bad453495d8c818dd4aa2e701 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jasmine-metalsmith-schema-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a67d95657794543c0c975eb63112589e29b6bcfdff3feed460227a8b21843de3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in local-terser-postcss-loader-eventhoriz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34b65bfa47dbfe04c6f4b072ca313e3d49adb15a955a7b43a2c1fe3e2dee460c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...