MAL-2025-146820 Malicious code in publish-vega-spawn-enceladus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf2589b6efdb50910eacfb7ccf4819dbcb9694bf2c4dc977393e58ac92e7430e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142275 Malicious code in europa-jovian-regulus-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd669443822a9bcff454acff3461792c5cffcb6131bca5956c40eb5ecd37e244 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140392 Malicious code in capella-meissa-chakra-ui-aldebaran (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d859cb2764f8b3a39fa333e103e88f965fa0aace5be1b50ec0f1f2899495610 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148511 Malicious code in terser-centauri-celeste-bulma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e339383723734c046325b9da29001c1e0448f40a44486961005b3795aa6de17f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pulsar-duplex-chakra-ui-equinox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 475125da4e180577d2f6485fc6337dd3a6e8b9207f29411adea8142ac112a81c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vortex-apollo-meteor-fornax (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a73b39a4ae11e65de11974c8e1b34310c6ed643b2c0ffe16c0cb86f1da8bc1b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in antares-ignite-apollo-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9955c0bdc50f51dbe4056f786cce9f2a0b67b0957ae6479ff9241960d1faba6e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nestjs-local-less-titan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a585851bb7e48da08bdaa215566063a5c8743693cb1a4763381e603664cda19 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in callisto-pipe-sedna-terser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 567315862c15130d7ee16b1644ff030a5389ff4cf537b86ea537279fed0aa46b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in acamar-css-loader-style-loader-readable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd3ed716972d5290f3c88b1d1e9ce21f40cd4f788fc0787cdad21f76eb2590e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vulcan-eslint-plugin-aurora-deneb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8dfbca6d0d69647c5f5463eab5bb90e64d9e2b01eae0083cd94d966cfe894c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in markdown-pdf-dactyl-ini-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0224b06c2bc01bac122fd5a5ce40190a7a89a36d255ff938537c7373ca12a14 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in exec-thuban-farout-xanadu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a5e0f5863dba7b13ecdb47a3d26a8bfd96552671904133c0e357bc0b6071099 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lint-staged-library-fork-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 599e178fbd7b06563cee8ffa42611bd250dbf206a67592c620ac211ef0d23d4b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142831 Malicious code in gatsby-antares-writable-centaurus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a26b78aef3942d60119f4eb9ae9dcea573b79c20d31c8aa198ef687ab7d493d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149285 Malicious code in wasat-draco-izar-vuepress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d637d2ce4aa2c840283bbb45f4f703c277c08548669ed22ee03f7ea74bd5d784 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147675 Malicious code in sass-loader-meissa-pino-pretty-zenobia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a246180b1e7c49c62f2f18f439a38315a0f41c7affafa8418bbc4b48d1a8f63 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139739 Malicious code in auth0-betelgeuse-phoebe-non-blocking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 954a27b30c79b494f8bac523fb12cfefbcc5d58ba134a3f342680d5e53619d08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139397 Malicious code in antares-child-process-algol-nightwatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee989f66e1b782655eea49ace8d232ca5718d86a06908628e76997e997f869f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146071 Malicious code in perseus-cache-remark-await (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b778b31a4c65c8bba177c7cac5af3c1cba209d38f682bbcb2d35fae5df195fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...