MAL-2025-187890 Malicious code in lyra-fomalhaut-arcturus-enceladus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53096e7800c4afe7142f8895c571a8234b3cf07054a65f4b0e757e5cbb5d578e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187656 Malicious code in kappa-encrypt-public-rho-boolean (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 656709df41c0061ebd217bc1f9d8008060baf2008b8c7f3bdce9147727b37576 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185775 Malicious code in bellatrix-quantum-inquirer-child-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5e4ec1ec944756074c8f5701d354998ef621ffeeabd85761b6dabf3e976c217 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189446 Malicious code in sequelize-paleontology-gravity-webdriver-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4837dfb129dad1bcfa4db4ee23cdc14be39d70a3da9baeecbdf470f66a932f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189292 Malicious code in run-script-sagitta-pulsar-alphard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 301093ba1f19945b67f4a51c33b12c18edddc6ceb26f3c8bcb80daa80505b50e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187438 Malicious code in import-proxy-cron-balance-abstract (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fc1ec58f88db65ef37f453763c2850aa34c61344a704725c6db3c7fc21bea4a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189278 Malicious code in root-cluster-bad-final-rho (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e40f7f5e09039c8649780bc1df2004bbac256e735a86bd382908a03f1354e3a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190380 Malicious code in xenos-nconf-aurora-redis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3becc1558a04e4d28823447dc8ebf2bb654650dee47d902b2c138cf0f0d3ba20 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188474 Malicious code in orchestrate-process-cache-data-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7471b0298fc61ae4c462894f9c3877691c475883df2c72ebf084c57d16654a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190280 Malicious code in webdriverio-meissa-terser-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b8566a6641887982db2205f4d70303c4107005dc5398a21da2d4cde72b86274 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in castor-warp-asthenosphere-apollo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35d58ff15ea2ebbd7c4324613137ba93e2574de45eda32618575677a0d8de300 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yildun-fork-chalk-farout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebcb2d403eeecba5f56dbbda8ec07bc5b9718ea5413a6b243aba11175cfc1d16 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in seismology-jabbah-exosphere-mini-css-extract-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c45e15fb1d80e15c00756ba9c83738595f758665d0520bb6e276352be59c01b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in neptune-tardigrade-protoplanetarydisk-palynology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1d61317a604149fb90d08fb0c6ca6069f9d9e240d5bcf4b9d90a3d7c4fe1ac5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in passport-magnetosphere-sociobiology-ichnology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d6a1b5f77b1e31f60a428ea2753d7840a8976284d049afb13d7ce18c39a933f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in prompts-flare-celeste-sedna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63b9d41dc415d07ac9a8656e3895a099dc4d7424b7a34ab8503ea5573f770548 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cluster-sanitize-resolve-omega-encrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bcceef72f7076040ad3f53d861981ebd1e83dc7bf7e6c4bbd7c584c0c40e5a6e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in epsilon-beta-key-double-assert (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f0681495491db7e545763d456b2c3b521039fbd9b347d6741ec1d056df57936 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in got-install-blackhole-pipe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3a3e26fb5f46474d8fda65b2e4d835c3e4054442e31f815bf5caae9234f62cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ethology-zephyr-dorado-browserify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d6ada6b7366b59dc664dade1f8bc9f3d3c48b7518f8ab2b2d715a6cf873db80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...