MAL-2025-140607 Malicious code in chai-virgo-spica-blaze (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c89f745f535148fb9dba116bf9fff2d297aea6b16488115eae1578780426684e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147259 Malicious code in repository-canopus-csrf-stop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57df37eeb7e187b75a267e5bee180848261635a3aa7cba4cddb584697124456d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139625 Malicious code in async-halley-adonis-rest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c49800a339e63e2f06a6f4c122c665e86c4094652566afaabe5ae0fba35868a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149742 Malicious code in xo-adonis-callisto-spinner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c86b777e7b69686863ef14110bef4d129fd9013113a9688fb043f551c76f915 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144969 Malicious code in mini-css-extract-plugin-callisto-vulcan-apex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4fefa2b8aac08eb3db27624e6a94ba26bdf920229211f6b3eeda2ce26bd6c4f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142827 Malicious code in ganymede-umbriel-hexo-writable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d009dee3dfc15d5c2b97f41e178224d0f0c01bd4a77c68c903623372d3206c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148906 Malicious code in ultra-rehype-deimos-sequelize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32ade24bb378c76c036b71f2cbd39bf86692a9c9c7c9737f14ddbb3b7e65e841 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146602 Malicious code in procyon-kronos-materialize-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ced02c917dca028be82a66f333ee6a3354a49e9e41ad42fff078c5d42473318 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145833 Malicious code in ophiuchus-pavo-docusaurus-babel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99a79c288080b8fddeb7066d7a272b440e104692bf11d0fb31de33667ee13c74 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149663 Malicious code in xenon-subscription-configstore-helios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bb66ff1c012081cd21030b4d61b73c3dc1b262d6a90182478c8a1d2c7813b4d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148120 Malicious code in spectron-nextjs-element-ui-passport (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0061303e422dc557f76edb02ddf4add87660df7d1e7b5c1ba2c1410f24e5d69f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142921 Malicious code in global-algol-adonis-zenobia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3843506cf065364f776d0586ca97866bfb170acea717abb5c1f73d6f78f467f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pulsar-duplex-chakra-ui-equinox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 475125da4e180577d2f6485fc6337dd3a6e8b9207f29411adea8142ac112a81c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vortex-apollo-meteor-fornax (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a73b39a4ae11e65de11974c8e1b34310c6ed643b2c0ffe16c0cb86f1da8bc1b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in antares-ignite-apollo-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9955c0bdc50f51dbe4056f786cce9f2a0b67b0957ae6479ff9241960d1faba6e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nestjs-local-less-titan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a585851bb7e48da08bdaa215566063a5c8743693cb1a4763381e603664cda19 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in callisto-pipe-sedna-terser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 567315862c15130d7ee16b1644ff030a5389ff4cf537b86ea537279fed0aa46b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in acamar-css-loader-style-loader-readable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd3ed716972d5290f3c88b1d1e9ce21f40cd4f788fc0787cdad21f76eb2590e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vulcan-eslint-plugin-aurora-deneb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8dfbca6d0d69647c5f5463eab5bb90e64d9e2b01eae0083cd94d966cfe894c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in markdown-pdf-dactyl-ini-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0224b06c2bc01bac122fd5a5ce40190a7a89a36d255ff938537c7373ca12a14 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...