MAL-2025-142965 Malicious code in google-magellan-config-avior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca1381d36d49061952c1f910630b1e1936b3bc590e02317d6cfb75526024ba2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139984 Malicious code in betelgeuse-hugo-promise-envconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70a25079b613d6030c816cc270a257bdc5bb2c7b5b0b294acc68937fb741bd31 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141414 Malicious code in cz-conventional-changelog-cassini-websockets-tethys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3af3c7c32abef3f09dc34cac5664ace8f3bab516c57abf3248fb328893d55142 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149900 Malicious code in zephyr-zenith-configstore-gravity (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1190e910c0d9525842cb1b622a23dcdb6d56ed8baf21821891533ea0f4e2290f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140371 Malicious code in canopus-publish-hyperion-release-it (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ade672de04d726eafe2b0d4f770e9e0ac17468c7213b50b481e09f1fec4e5c99 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142770 Malicious code in gacrux-hermes-mysql-meteor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 968c91bfa918d1b575481a21e04dc8ff86bc84701ba0de6aeff412ae75a289f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143760 Malicious code in izar-meteor-nightwatch-callisto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01d258d1a74582347b0d7071902b081a7b884336ddb8de8ea8700151566361f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139739 Malicious code in auth0-betelgeuse-phoebe-non-blocking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 954a27b30c79b494f8bac523fb12cfefbcc5d58ba134a3f342680d5e53619d08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148604 Malicious code in testcafe-sass-loader-morgan-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8aac300cbf341a439102ac5de910036a209bde2e17e4223530fd3be37228557d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142646 Malicious code in fornax-promise-less-heka (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc474568ab6ea1c4a33328711e82d6c2c1af6eefa3436ba7ab3702f46c427ebb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149156 Malicious code in virgo-global-superagent-antd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d8563f28a2a27d7861250bad8476d45d2682ca1232f97b8792980d923d60542 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146625 Malicious code in procyon-wezen-html-webpack-plugin-wezen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67b5af772803ada032750ec3f8403347e7a424e0ea7df55a1c9aadd26abc0e2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146938 Malicious code in quark-sirius-fornax-odin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6e66b6d4c4a782bd1811563df45256c74e75c5d248ade83ce2ab284396724d3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140238 Malicious code in bunyan-airbnb-hercules-protractor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 902c506105d9f9aecaf0110f61001522b5075ad62329ab9cf6b79c9f6f56cf68 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141288 Malicious code in csrf-levels-terser-zephyr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0119e00e1c8dc62089028a6be74894353bf9c1eabc5460e57721cdaa4ce24bf0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142303 Malicious code in event-aldebaran-nightmare-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fd78dda52ef11c256ab005616998f64e0293229ae1c26709e75fb37b2b77547 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140630 Malicious code in chakra-ui-transform-callisto-unuk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d6aff6f665f5d65e9160b95c96f0f11f50c7be5f51cc556bf3a6bb92a1f1324 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146706 Malicious code in proxima-auriga-luna-zephyr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc49a5534846ee216e1649c7299a0fb3a5fa939dbe2741ab3b04cb4e71e15b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147862 Malicious code in sequelize-auth0-publish-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7997c1594e3c8ca4516fdc5903416d5f8cdf4e40750e3fc69f596f4832c1ba3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144053 Malicious code in jupiter-chromedriver-semantic-release-chai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 590cfbbd2666570f8d9879763164c990cb4fd113b989d953b739241f50754b43 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...