MAL-2025-189613 Malicious code in spectron-ursa-yonder-command (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11e8934f9f8a84c3ea9257ecf86439131845b5e98b2fb112a7de097e28279bb2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187674 Malicious code in kaus-atlas-aurora-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a18819dc2e7d57c5c0e06d57e37b2c5520650bfbd6ef84b3a55ba46cbc0c2ca7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189889 Malicious code in test-star-web-zeta-minify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14ee65ad7947ed824c06235e38a3aee5d27831c7878012cb2c3e1878731ccf6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185828 Malicious code in biosignature-enif-element-ui-biohacking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4715241285965588427f15c1ffe35a84f94a2a86f96acc208d839b45622dc284 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185677 Malicious code in authorize-node-slow-stub-daemon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f973329e078b3e9f8e2be2ad30ec9f232ae6fd7f0187ddad996be506c8c2fb93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188225 Malicious code in neptune-node-sass-altair-membrane (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad682c7ef1b00daaed7b6861c4172801654dbd52ae27354ba342091db9601ad2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189471 Malicious code in shell-omicron-dog-bash-simple (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9773541d5d024eb6ba320252005f48715f06580b91dc6b9da8e16df177b7266 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186015 Malicious code in cassini-pyxis-proxima-isostasy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ee145f91f029367c40892d60c12537ef872ce0c03862342747ec9269427cfb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in asthenosphere-dotenv-darkmatter-chromedriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c69657448b3b6a02182e970bfbecadf73fe036e1a80d496d9efe2ead57291f4a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tool-dependencies-dotenv-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d36ff10f503ecb03d0f7855f87e5eb97cd43f2994534487d509135bd0d559e9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in stream-redis-bellatrix-oscillation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d28d234dac2b514572f66ad2ad3ccae3cc70103cf5b2461fedbff81f34bb2353 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in monitor-data-uglify-compress-book (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4fc316f02dce0d561bf90ab32d3702a34a86ddd60eb81d8893367f9b0125e9f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hexo-boson-charon-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a56cd66ea725cf1761fe3250a133dfda961733f0870f716905609eae11f5f91d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sagitta-schema-release-it-husky (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e806b764b2423062a8953ab5a69c4836580fe7b128531cebe88d4b643a30555 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rimraf-playwright-morgan-norma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 605f4589e9fb73840fa4862f5d97c83687042c57fc5d073de4da60df0027fecb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in enceladus-blitz-lynx-corvus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f688df47bd13d5e692984d772ab714e6649d97ff147beeca82b55bf73f3ebde2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yakutsk-metalsmith-astrochemistry-terser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 716ae5e8aa43202b32c8b4a3aa8cf544d3e6ad69c383911d5515b92e5ed44899 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gatsby-enif-tachyon-prosthetics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd3e1fe40b9f4663cd8b878d886d2d8206a84740ad4a30ca7055e0b73b99ffd0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in genomics-biohacking-xanadu-cross-env (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3db31ffe47d54cdaa5a7c3fc25c8f9613c3d1667e57a7e9a8b85bfbccb19d791 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pipe-orogeny-await-kaus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2382b0c000b2e4514194f19d8259b7e578360d10c1531f70c0f8429921ac3b9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...