MAL-2025-146820 Malicious code in publish-vega-spawn-enceladus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf2589b6efdb50910eacfb7ccf4819dbcb9694bf2c4dc977393e58ac92e7430e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142005 Malicious code in eleventy-mini-css-extract-plugin-cordelia-middleware (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b24286624def132ef9c376a35c74006cabf3598f7c1a32d194a5a9b4fdd37621 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144739 Malicious code in materialize-europa-install-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c34f5b580e515d57b2f97959e41b59126793c501180fdc1ce97b11c5f06699d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139723 Malicious code in auth-install-express-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc84c9cea7a462d14f089d9789f7cf7e51ace437fac4962b642f9119a22902e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148906 Malicious code in ultra-rehype-deimos-sequelize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32ade24bb378c76c036b71f2cbd39bf86692a9c9c7c9737f14ddbb3b7e65e841 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144433 Malicious code in lint-async-ophiuchus-ganymede (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe256531bfbaf8c707e1190eceea22bcdef245f3ba69e06e9cfaaa55ddf58338 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142160 Malicious code in eridanus-xenos-publish-json (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecf0532d7b2c3c520a6ae1abdb5fdc83cecaf382167e69ac9936bdd4415c8930 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145907 Malicious code in orbit-hydra-test-venus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c07e9826c7bcfe2f3fba90971dfc109aa47a799c8079f02becdfdaea244b9e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144532 Malicious code in loop-sadr-mensa-cassini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37c6d94c5110e973d1ee3f2bb26b12db11bfa2e35bc1e57032de8fadb1cab64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142907 Malicious code in gemini-nightwatch-janus-lyra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d80540366eb681c89a52dd816b4a254ea23facb053fadf663e40828a96abfb73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142631 Malicious code in fornax-loglevel-xanadu-jupiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f4564c10a88dbb40742a117cd51e90da16d563a33c2464c01b686df5490cb33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147862 Malicious code in sequelize-auth0-publish-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7997c1594e3c8ca4516fdc5903416d5f8cdf4e40750e3fc69f596f4832c1ba3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149161 Malicious code in virgo-neptune-rate-limiter-cypress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1fb0f24eab897236a8f82e3344699506bb8f68e405e72048c7db8a045739259 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149074 Malicious code in ursa-schema-norma-subscription (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed297aea32ffff06bd657cb24540c11c48fdda93ec9e7a04d4f503346065c10b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146671 Malicious code in prompts-nashira-pulsar-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b34b2df3d4a4995a17928a35dfc555917a0dc66c1262a3ba9686778acca2a992 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141340 Malicious code in csv-ariel-sirius-wezen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb0e61ae6839d445fb388ec17f3094ac1fd74c68c9d057251528b87749bff4a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148158 Malicious code in spica-css-loader-testcafe-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36597f416ec7c190e827446bd569c4ad103c21ea45306506b1fa9419bb85a499 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148904 Malicious code in ultra-playwright-flare-thuban (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efc6a1c7c442c53b194a331d867177d214e9c376b7f6a3f4abcfc5130d46dba8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148296 Malicious code in stop-ganymede-prettier-plugin-markdown-phoenix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdbf03b50094cb4b2dabfc1f9cb2b12fc987c7c284d4239709d51ec7e88df419 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143237 Malicious code in helios-odin-start-stream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6db7425d137324f44c522d980f0e97d5761901d2847c2349c5a0b5321bb8f47c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...