Malicious code in registry-firebase-command-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c46f43b2202cbe2a8592e3b893efb2582549b714f2c71fcf8dc94508d348bae6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in solis-spawn-vuetify-triton (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ed1c25e4ff43497e859926f784162a09b2dcd843db09507d4116ad823328901 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in comet-gacrux-pm2-middleware (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7729116efe483cf849c752a73e89d5216af77a6872c275da676077adbf09f1d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in farout-fork-aldebaran-capella (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 108e364c3a72ba84354e451e03216e5cfc26e6c2e5e436f26055b6f868d5a0fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jupiter-europa-test-jovian (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4e37cc939f7b9dd9e11d6abaf23051989e7581681ed85c1f58e2ad2e96a039d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in module-lint-rehype-optimize-css-assets-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2939b8efc57b0447f1e6a1c6ac30eb1b3c5f6a835d155211f5ef7e8a4b2a4009 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in toml-transform-mongoose-cz-conventional-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4c5aa347312aa9608e31732bf55144c791fd30f70ee314980a49a5e5bb3ea7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144705 Malicious code in markdown-pdf-remark-oberon-phoenix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed24060f6cda0d0b13ac292dc552de37538523879e0da151f74b7139202a6b93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144126 Malicious code in kastra-phenomic-eridanus-hexo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47b4edf03fe4eb9a57ecb323f2a9f3f66d89c70eaa645d4cfdf4a30ac5e9285e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141256 Malicious code in cross-env-gemini-oauth-weywot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a4106c023551a8a784aca23591a676915bef17fdc0b2784ff7bbf6e37865ec7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146706 Malicious code in proxima-auriga-luna-zephyr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc49a5534846ee216e1649c7299a0fb3a5fa939dbe2741ab3b04cb4e71e15b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145907 Malicious code in orbit-hydra-test-venus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c07e9826c7bcfe2f3fba90971dfc109aa47a799c8079f02becdfdaea244b9e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143893 Malicious code in javascript-triton-babel-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df95ebfa9186ae43d757483d3b88f64eb4ed03558c9d23498aa6e54017e2a382 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145833 Malicious code in ophiuchus-pavo-docusaurus-babel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99a79c288080b8fddeb7066d7a272b440e104692bf11d0fb31de33667ee13c74 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147037 Malicious code in rate-limiter-europa-pino-pretty-google (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ee11da6aa21c1eee394751ea6ef9bfc6013fcc34a6a9479d9cb23c891837a06 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140190 Malicious code in build-readable-react-bootstrap-barnard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e775b6d0ca701f5683b2d7e970cdfefc9a9d539920c94864c59683252009ab1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141113 Malicious code in cors-aldebaran-aldebaran-cz-conventional-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1fbad0e36204591df10ee8666cbe61cee4d9d90e7623bcc6a1c10593e34ea94 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146820 Malicious code in publish-vega-spawn-enceladus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf2589b6efdb50910eacfb7ccf4819dbcb9694bf2c4dc977393e58ac92e7430e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149156 Malicious code in virgo-global-superagent-antd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d8563f28a2a27d7861250bad8476d45d2682ca1232f97b8792980d923d60542 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145605 Malicious code in non-blocking-colors-xml-callisto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a7c05a91dd751ebc574c9fafe6c079484def23e71f2a4ea9eb425dd310c652c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...