MAL-2025-167511 Malicious code in teagood-nalikoli103 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cc4d9414709459e2417d0723c3cb3a98da69788c7b9e11c272ca7a5e79a0f65 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-151066 Malicious code in abang-poke2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa29e8c7e5b275a1611fdbb7076f6dfbf053c70cfc7a983ff7ae853eff14e69e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bunyan-dotenv-parse-variables-bootstrap-wasat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6a361166347995f8a1116d8387938ce82cbbd896b8be9677f14169f4f20b7a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in impulse-dotenv-parse-variables-jest-node-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6359550cf21a9089d3967a3f38250315ffaede55aaf39f38d500f308b7058829 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in celeste-optimize-css-assets-webpack-plugin-rollup-europa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1870c7f6969ea7f977b1d82de36603569644e0ace11ba6eb516e75c0cfa8893e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in async-europa-exec-solis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3dcb5b17666335f424f3b57f121a395c4a988c839904a66bf1b8ba23e5816471 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in carpo-cors-react-bootstrap-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d871110fa02601bd5617e3520de63bfc553c86eda11a0f3a7140b61843da2d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in test-mui-fomalhaut-elara (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca2f736890bb161d7829091a44884c79fc095594c2c5cf79d556a77560a690d3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in convict-sagitta-capella-remark (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 243af60bcaefd4a2f191e0403851b712f8cbab97e1be2ea0df86e12c71b9d373 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in prettier-europa-sequelize-neptune (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85747d4226393b90b3bde9479a196ac30003df746cf833683c3cd3d288e37b6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in triton-sirius-redis-eslint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a389ba92aa537b6a692d69e49d7613e04b83d6c6c30d29878b2d179117f167ae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in development-nova-carpo-quark (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 738f95f8f7afe379b25953df0583441baad9376a582dee727d760d2493dda163 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in altair-mensa-cypress-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d753751860507a77cc68b0c83405e74048223a9aad75308e8a43711b12ff1817 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in janus-ora-odin-fusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1b1a4c7e5407ea07e12997e513d73dbbb0613592dd22ec25417ed91ee6bc5ee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in scorpius-xenon-ariel-delphinus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e1e4e38e52a8671395f4bc99d4b8fd899597b95008321a521a2a9351afdab05 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in public-magellan-elektra-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6fab38db705f92cf1ac9bac0004d21420f5542fcc39d1aa5f483a4205d37624 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in commitlint-enif-pegasus-gulp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c272bc0ff476d7d02b5023202fd9c3128fc3140648d0c21d3c5517fa9fdf7724 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in kastra-nextjs-tethys-acamar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5237449ddd14cad0c7a757cf5ecff71002c9c6726139843650a1a07f68385093 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in electron-hugo-link-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78f100f8b5a13d11ccdf9de9d337b8202eda41ec541af1a521b3ae2e6fe73503 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ursa-jupiter-antares-hyperion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9475e6896f644cad679372be114f300b3ac25f0ab22b63a70f074f55dd053c01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...