MAL-2025-145347 Malicious code in nebula-meissa-shelljs-local (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfb81e90c76d751feb2f2117f1826265a6d23d702d9560c78ad944dd9b7a17ee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146820 Malicious code in publish-vega-spawn-enceladus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf2589b6efdb50910eacfb7ccf4819dbcb9694bf2c4dc977393e58ac92e7430e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148485 Malicious code in taurus-xerxes-hermes-ariel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d62dd69842d1de8de9279530ed1672edbb1df83677fcfaeb9d7d4d1f68c79d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146561 Malicious code in process-nightmare-corvus-google (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8459dcf63d07e643ce12479580318ca479b9443183b139b99a36fcc6544ce78f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139194 Malicious code in achernar-cluster-wasat-achernar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 870d69410b64679e12b4dc69b45ed871b6d833f3aee37e7b02406623d15a891c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141228 Malicious code in cressida-cygnus-commitlint-config-angular-readable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1141bebb30cede52e274e8085246ba2bf01af23cc1e83a43047a2bc8e1ad55d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141414 Malicious code in cz-conventional-changelog-cassini-websockets-tethys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3af3c7c32abef3f09dc34cac5664ace8f3bab516c57abf3248fb328893d55142 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141288 Malicious code in csrf-levels-terser-zephyr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0119e00e1c8dc62089028a6be74894353bf9c1eabc5460e57721cdaa4ce24bf0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143110 Malicious code in gulp-await-antares-apex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83c25349f10db35ff11b0cf94364dc21cb5982f02a40ff0ff3feeb8acd1dc244 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143785 Malicious code in jabbah-nuxtjs-spica-loopback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14c6404a455bb29d3f9893290050e6e8982e6a5dbc7c9429a4f25827345da287 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144705 Malicious code in markdown-pdf-remark-oberon-phoenix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed24060f6cda0d0b13ac292dc552de37538523879e0da151f74b7139202a6b93 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139739 Malicious code in auth0-betelgeuse-phoebe-non-blocking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 954a27b30c79b494f8bac523fb12cfefbcc5d58ba134a3f342680d5e53619d08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141113 Malicious code in cors-aldebaran-aldebaran-cz-conventional-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1fbad0e36204591df10ee8666cbe61cee4d9d90e7623bcc6a1c10593e34ea94 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141833 Malicious code in dynamo-optimize-css-assets-webpack-plugin-postcss-cluster (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83144d9b206c28bc214f1e496ade2f1cdd50ebd1fe16a324124bd89653ef1118 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146603 Malicious code in procyon-local-npm-cassini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57fbdf3e9b64bd0336eec4eb812a9f46e802ee7dd443fbdc3369a8d80c3be236 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140392 Malicious code in capella-meissa-chakra-ui-aldebaran (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d859cb2764f8b3a39fa333e103e88f965fa0aace5be1b50ec0f1f2899495610 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147992 Malicious code in slides-polaris-version-mongodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdf35e9d3704878c92e55276f6c4364b9b7151ccaf75ff7eb6050fd1d9fb18df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144432 Malicious code in lint-aquarius-morgan-ora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 602a9e575ea97787e2315b95517cc650d51f2f0bf594adf1ade583b2e9857258 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146838 Malicious code in pulsar-orbit-capella-indus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62bdca590ad06adc6837f3786b26dd80e42dac494df369de6e0a72cf115db638 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140293 Malicious code in callback-antd-transport-install (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6569a662a70325bcc24af5690240507a958b0858db69dd698905ea5bae8443b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...