MAL-2025-144673 Malicious code in magellan-vortex-update-ganymede (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f82c6172c917e1fe89c1b3de08f1f7b8fb7a88d57cd33429fa4cb05c4baf99f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149085 Malicious code in vega-callisto-apex-cygnus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbed3cfe68e3a74b472ac88faa9c8d2bf8dd3dd2614d6a118bed34e17c7d1c06 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145767 Malicious code in octans-cross-env-json-janus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 980d9c7fa3ca9b291ece46c179901d948eb4dc5790702dbe2e3b7d7ef2e88927 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146719 Malicious code in proxima-hyperion-vortex-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adaafd343659e7777c9a7a305eff3bc02b790d3119815ad8231b911b0c801068 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140177 Malicious code in buffer-venus-mongoose-jupiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 275bd9bf8bcf372c892a5b5e40e92a005b985000fedd2730df4f2ad8c4628dc5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148073 Malicious code in solis-forever-framework-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 316e03d2d9b03a42cc0a18edfac946e966f105a3ea8f7dbdab34ec57a72304a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147854 Malicious code in semantic-ui-perseus-firebase-cypress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 434d4e5d4dfaf9d49ee0ae359f833596501a2b8580d6d1017a79d5082382164a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139608 Malicious code in astro-izar-enceladus-grunt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60f5b63fbc2117df1a11a114e5aadfed4eb770749bddd0c8d2a0b2c83a7d4874 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141150 Malicious code in corvus-dotenv-safe-uninstall-babel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5bc13b358ae761bf55bd16caa1893474822c15d72cabb164ab435a6625522aae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147648 Malicious code in sails-jabbah-pegasus-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6860061d743f6953d2851725ea2189350d37e0e2b9f3c1a48631a6ba4b8d84aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143080 Malicious code in grunt-yaml-testcafe-tailwindcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9dda42b4b0a944d0a92c8e190fcaa32a8da8e62b2df0d5a65453f866118b2c90 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147227 Malicious code in release-it-nightwatch-jekyll-yildun (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5796729233de51edc8c296497cfcabae7b685d63f4f1c6a8c094d2ab4513ade2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139625 Malicious code in async-halley-adonis-rest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c49800a339e63e2f06a6f4c122c665e86c4094652566afaabe5ae0fba35868a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140274 Malicious code in cache-jekyll-pavo-centaurus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b711485d592350a6a83a3dabdc407a543fc87d03c86434e29a65601f32010d14 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146602 Malicious code in procyon-kronos-materialize-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ced02c917dca028be82a66f333ee6a3354a49e9e41ad42fff078c5d42473318 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144165 Malicious code in kinetic-bunyan-dotenv-safe-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed537f4b241212a2b089f240ee57dc89cbad1679d4794a48fcc80d8ad47914fe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145287 Malicious code in native-cz-conventional-changelog-meissa-atlas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bac21f13b4b7614fa1c9af0606fd1809d609ba57b1a9f0340f11c23f245f30b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146129 Malicious code in phenomic-despina-dagda-xenon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab449a137192f276f029ef3c6b3f440fb5830046c09e761a0471ccc9abb43b51 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149606 Malicious code in xanadu-postcss-slides-reveal-md (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89a41a30b3763024f334b151b2995172907baf7eb8f012bf82cddcb6d471fa0b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148158 Malicious code in spica-css-loader-testcafe-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36597f416ec7c190e827446bd569c4ad103c21ea45306506b1fa9419bb85a499 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...