MAL-2025-148456 Malicious code in tailwindcss-style-loader-corvus-mensa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 360dda3cbdf0ad64d11cf806ebe3a954d387a100ad64aff35dfb9ca17fcb04b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143639 Malicious code in inquirer-betelgeuse-perseus-centaurus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af856ce8424780e448bc2e4ae72c9e125282095bea8380baf39f32da29543d4e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in heka-express-axios-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33e9feb5948da23cbdf036738822ea99bdbb64939a1ec88089a7d78643a419d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in iota-canopus-loopback-eleventy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4017d639d7ddeac9ee44aa2eeaa32adcdf3d9a98214a28fde276ae47c03edac2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149400 Malicious code in webpack-kaus-flare-rehype (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75e99fda20e82afdea814a9ed77b877a7de3a8764ca4fffd9bd6948b8fd273ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143780 Malicious code in jabbah-hapi-eslint-config-centauri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e9b0ecf467e4e7f27d78ea151d34cd5034fc94e10302afbc83903eab71ff875 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147682 Malicious code in sass-loader-quasar-transport-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f20c0ab48c9f324f56d5d61c41b6df53b2f9637aa4732f761ac74b9eda2b6ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143077 Malicious code in grunt-stream-rest-browserify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 738247151f180588c56546db685b85a7ed478e77a9961371b2a46f8c2610da6e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145784 Malicious code in octans-upgrade-celeste-chai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6820d8f46993738f98dec508b4393021d4bdbcb9dce746d48ce684c3ee1fb7cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143191 Malicious code in hapi-miranda-changelog-ini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66180cc95ece5af12d457fd622a3af203c17b90bb2ac5a47ecca155fc5308be0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149821 Malicious code in yildun-publish-rigel-corvus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad41b4f77799c536644ce19f2d0b364a90968668783412895a1440eb38afd37d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143229 Malicious code in helios-css-loader-kastra-transform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 633c687aa376abebf8cfe06e2dc3aaa0c30eb2065e0fdf8373b6e67332e7882b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144169 Malicious code in kinetic-elektra-oauth-quark (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45c22228b96f1f94b44857105013958740ba11c801df19863786af40a7b2b19d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145479 Malicious code in nightwatch-pino-pretty-publish-nodemon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2a1c951fc5746b594ffe7ddccf0b1e29860605ad3eed07f5b638f0de0cdecc7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140649 Malicious code in chalk-mini-css-extract-plugin-await-xo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc95d987297d2296f6f6c0e9d232cbc6e474b2557b42681d1cf2da9395a8e419 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145950 Malicious code in parcel-aurora-pegasus-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0850d9ceb923ea3b8c1fae4e07e33f2a81a4e2efb322eab5c70dcae054468a4a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144974 Malicious code in mini-css-extract-plugin-gatsby-transform-ceres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f8d6e129f1fb2b77342ec6add65d3ccbf071b23d65893e28f8b00c0c398047b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141347 Malicious code in csv-markdownlint-npm-grus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e73e26256761af7533779186f15b847cda32f6523b5e531c46bdd00586275461 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143076 Malicious code in grunt-sails-astro-rigel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 118a3909898666efc110e25978ce2c8ebec152db2edc41191d6cd9849fc4c0c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146527 Malicious code in prettier-yaml-commitlint-kinetic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84197f8f3211ebef49ce9b3018f98351e783404d7aee0a1de774671d75066fa7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...