MAL-2025-139710 Malicious code in aurora-run-script-ophiuchus-rehype (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 241691cf5bdd46c9383783776eb754470cc879fa8b4b29a106fb767123215e6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144673 Malicious code in magellan-vortex-update-ganymede (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f82c6172c917e1fe89c1b3de08f1f7b8fb7a88d57cd33429fa4cb05c4baf99f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139456 Malicious code in antd-google-hydra-canopus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d85f40c521d390c13055ac239cfb90c2232db83fd4b38f76c3648973e735190 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149248 Malicious code in vulcan-nestjs-nodemon-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bca58c5db7f633962cd43a5bc3ee223af16b073b273e82fa1008712c7fafb6b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142004 Malicious code in eleventy-mdx-cressida-sedna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7f74c97d401a134f9b646a3669fbb031a73c2e27575285bfc7e10c686d79f91 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141493 Malicious code in deimos-graphql-procyon-aurora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c04c5e0e69cc449de0674247a3157f77fd9436b0b2b13b415c65aa14f991fca9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146156 Malicious code in phoebe-link-changelog-rollup-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fed773ad62f38e8f3bd74b0c9bcaf7640090adafd10937effed4cce88d7a9c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143035 Malicious code in gridsome-cluster-pipe-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2e5775aa128ed1fe7041d5dd2e99b52daef172c04350b6ca8fe5a0a45fd526e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141731 Malicious code in dotenv-parse-variables-phoebe-procyon-graphql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25727adf9796499061bfc2db2588d0ea8977bae2875b159d01c443e8a78f9aa9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146789 Malicious code in publish-impulse-package-css-minimizer-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 195a18bbc2c340fa49445c8f98d48a8db2dd0d999cf1608f8d386a97d2d7cbf0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148604 Malicious code in testcafe-sass-loader-morgan-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8aac300cbf341a439102ac5de910036a209bde2e17e4223530fd3be37228557d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144165 Malicious code in kinetic-bunyan-dotenv-safe-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed537f4b241212a2b089f240ee57dc89cbad1679d4794a48fcc80d8ad47914fe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142485 Malicious code in figures-version-carina-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3513c6b2aae948d358ed83dec49f13f53edd21ddd9d26e0a8146e9d9bfc18824 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147987 Malicious code in slides-hydra-cordelia-rate-limiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1d6330753c3485dd0c3aea450f2bf3977f19c73564ecb88f67cce4605e4374a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146602 Malicious code in procyon-kronos-materialize-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ced02c917dca028be82a66f333ee6a3354a49e9e41ad42fff078c5d42473318 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147037 Malicious code in rate-limiter-europa-pino-pretty-google (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ee11da6aa21c1eee394751ea6ef9bfc6013fcc34a6a9479d9cb23c891837a06 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140542 Malicious code in centaurus-despina-pipe-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7412f390ed0a56288b73f2f3b4c82e88af73120b691359e975a6aca3e0cacf6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147982 Malicious code in slides-apollo-cors-cordelia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bd8359770a2c125ee7525a313308c85f575a5541bbeb06436ced6fa8aa7ed7a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144774 Malicious code in mdx-react-bootstrap-javascript-impulse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1e1744c55940a789327d9b33cc8d592c73c78aba0180a6c3d6f4db1c9a6d740 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149887 Malicious code in zephyr-koa-materialize-phoenix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64745d3cf97eaeccfe96114378f3aac75817dcf2d747b7c3eca54e7d2f8341dc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...