MAL-2025-148955 Malicious code in uninstall-comet-orbit-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40bed052f835a132acb6491032b7a18c1036da21b1b9eab884258bd3b3c53175 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144956 Malicious code in middleware-fornax-cache-chariklo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30451cfcb018e07948d2bb2cd56d9b18dbeb975f403070768ae3c9d68285cf6f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143505 Malicious code in ignite-antares-terser-webpack-plugin-mini-css-extract-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 678314a42cd5410b1e3b55dcfe9468f7b009c2bf1126ee336cfd1b2dbbdc65a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147007 Malicious code in quito-umbra-registry-procyon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bef2cead8bc437414921c520821083a4ff3b65865bf0b3b088799fa0c5de2657 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139456 Malicious code in antd-google-hydra-canopus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d85f40c521d390c13055ac239cfb90c2232db83fd4b38f76c3648973e735190 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146731 Malicious code in proxima-protractor-mira-jabbah (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05006d9d7135e2d50bc05fbcb93a478556d9f31bc654760d8bbe915920ba941f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148027 Malicious code in soap-neptune-xml-virgo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d327794d3d63355fd3b82a37c1cf56cb121b8c18a4643bb1c3ba725b7123179c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141808 Malicious code in duplex-elara-charon-pegasus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 494f2037fcf883fe2bf066df716f3152638b27ffc4349a02c360667bd18cbbf9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147227 Malicious code in release-it-nightwatch-jekyll-yildun (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5796729233de51edc8c296497cfcabae7b685d63f4f1c6a8c094d2ab4513ade2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149248 Malicious code in vulcan-nestjs-nodemon-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bca58c5db7f633962cd43a5bc3ee223af16b073b273e82fa1008712c7fafb6b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143237 Malicious code in helios-odin-start-stream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6db7425d137324f44c522d980f0e97d5761901d2847c2349c5a0b5321bb8f47c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145648 Malicious code in norma-registry-async-geckodriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13eb62efdc128819d4e6c73446ceb745d539c8ef9c8e3debdd1972bf6210cd8f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143551 Malicious code in impulse-protractor-registry-reveal-md (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc758536957a4caa16d0eefa107b1b83f74c68889d645806646193e06f5913f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144532 Malicious code in loop-sadr-mensa-cassini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37c6d94c5110e973d1ee3f2bb26b12db11bfa2e35bc1e57032de8fadb1cab64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143390 Malicious code in hugo-loglevel-fomalhaut-optimize-css-assets-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 581e61a3fb294771917013ca8905c2e2d9088aebd76a3cae499452e2fbfbd70a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142586 Malicious code in fork-duplex-request-triton (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e738a11e30835b56b26b4fc6d11d4de4707343ac26462423c3509933099f59d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146671 Malicious code in prompts-nashira-pulsar-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b34b2df3d4a4995a17928a35dfc555917a0dc66c1262a3ba9686778acca2a992 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149503 Malicious code in winston-jwt-sails-polaris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deb006c2b2793dbbcbe5f7a7f5b52c5850abecd1b69042e481b38dc15078b81b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144961 Malicious code in middleware-mongodb-leda-barnard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ac868d322cce021ae4cda8e245af3f8fa418596dc7f29ba457f1caaf7666878 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141026 Malicious code in config-izar-fetch-local (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f5a2d8fc86c6915594384794a9189606b65ba1f652cdae1d45debe45640afba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...