MAL-2025-141705 Malicious code in dotenv-csv-jekyll-soap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f602ea5a4d3e70788dc52fbd3fcfd4afcd27d68f5d379ce7818d10fa011db3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142419 Malicious code in farout-neptune-dione-transform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c0c1d2d632485105b695892cfdf331ec228fa9c0c4b44667c6207987bd0b91f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146719 Malicious code in proxima-hyperion-vortex-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adaafd343659e7777c9a7a305eff3bc02b790d3119815ad8231b911b0c801068 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148801 Malicious code in transport-sass-loader-csv-kaus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e15bff463d0b7ddaac6f7bd94080eee2e9689b135e6550355ca6b8dc74134b2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144449 Malicious code in lint-staged-commitlint-global-superagent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 304b77175b845c66db53476f7ce9d03f92d733e55c29c84ccab5770fe6f45bc5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149406 Malicious code in webpack-rimraf-eris-writable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abf70ed59506b87bb301e207eb1834afa3b553ef1cdcd022c7e11d77fda8abe0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148955 Malicious code in uninstall-comet-orbit-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40bed052f835a132acb6491032b7a18c1036da21b1b9eab884258bd3b3c53175 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142470 Malicious code in figures-hyperion-selenium-kastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a73c967d261d802ac6e60fdb8f74ffeab4bddc6099683bc614752998614c345 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148428 Malicious code in sync-perseus-airbnb-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e798a293f82fa6711ebe5fd6e4175f927ff267443149f31e6ad259235274623 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147979 Malicious code in sirius-standard-mensa-element-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14f9a6f0c3f9b13e89a3dc3ede03cf3da159585fe7b70397f5ffe65a67f99d1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146941 Malicious code in quasar-bulma-tethys-capella (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8e67c18daeeacbb5f975e2833c77be01cc75cd8706f8f443d850d65db26167 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148654 Malicious code in thuban-less-loader-spica-achernar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f75cf876aa95769e2ba3d7933527e5c1a77fc9d3cb34fe7dff7f4751c282c6b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144432 Malicious code in lint-aquarius-morgan-ora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 602a9e575ea97787e2315b95517cc650d51f2f0bf594adf1ade583b2e9857258 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145522 Malicious code in node-config-upgrade-library-carpo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5b7436d1c19bd4ada5702cde9f3b4b860ec5e5c962dc062ad80ccd76e1a57e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144956 Malicious code in middleware-fornax-cache-chariklo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30451cfcb018e07948d2bb2cd56d9b18dbeb975f403070768ae3c9d68285cf6f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143505 Malicious code in ignite-antares-terser-webpack-plugin-mini-css-extract-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 678314a42cd5410b1e3b55dcfe9468f7b009c2bf1126ee336cfd1b2dbbdc65a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148409 Malicious code in supervisor-zenith-ganymede-blitz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a90b156b9a8819e787140ca064ef027ec6699605edd77ecf43ee17d3936bcf8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148327 Malicious code in stream-optimize-css-assets-webpack-plugin-nodemon-pulsar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fae29f63ab3edd79a6f27157b2a92d2fd2d219f65bf803de9275b448418c9dba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146156 Malicious code in phoebe-link-changelog-rollup-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fed773ad62f38e8f3bd74b0c9bcaf7640090adafd10937effed4cce88d7a9c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147620 Malicious code in sagitta-spica-acamar-spawn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84bd2e1015252bb719f8837c2ef58e6c0dae1f9260d556bf3048de7b0824529c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...