MAL-2025-141572 Malicious code in dependencies-lacerta-hermes-install (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 678c3892029c1b658f28fa5b4cc927adeb359d890e770612dd77011a83b270f2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142904 Malicious code in gemini-mini-css-extract-plugin-style-loader-achernar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55dbacc8fc1bfa1a561e8f8fae3f0884f286af2d6425eb54e8131852deba7f28 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140541 Malicious code in centaurus-bootstrap-callback-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7969750400aaf0b8947f7695420d28f460891a0d6b84261f1405f84b7010400 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140411 Malicious code in carina-impulse-slidev-comet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09ae1f871514ee10efacea0fa8c481ee0c8e1e234293b01a5215f6c2c8d3e048 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143077 Malicious code in grunt-stream-rest-browserify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 738247151f180588c56546db685b85a7ed478e77a9961371b2a46f8c2610da6e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144555 Malicious code in loopback-kastra-soap-bulma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e6751700dd5dafa2b7cc3b3121f35df9e182b23f1034caf2ebb6aedeb0f047c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145380 Malicious code in neptune-sirius-nova-chai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a425c2a2e2163355f23cd42636cdece7939ba05d368a64b535bedf1a4bf142ee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147667 Malicious code in sass-loader-foundation-jsonp-react-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4e0350965ae13726f78400cab872791dc3e71479029009fa263dc5231d24251 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149585 Malicious code in writable-yakutsk-loglevel-koa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6898ceb5699951bcb17b152597db3038f274c8ddb303c8ba3ef5c815fba5f232 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148098 Malicious code in spawn-io-cosmiconfig-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9e6b201351a9a51dd4418072852271e69f95ab27e86b442ea8598d9ae40f2b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145784 Malicious code in octans-upgrade-celeste-chai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6820d8f46993738f98dec508b4393021d4bdbcb9dce746d48ce684c3ee1fb7cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143135 Malicious code in halley-dotenv-parse-variables-hermes-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6721a07f0aa63d30da176b4c3573e64f3b5986a4ed416aa41fa6596c124b83c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145336 Malicious code in nebula-bulma-transport-capella (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b901ab2b042e34d6b97c28bdbfc77d59d7599338dfb7cd5c7b18ddbb4e341a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142219 Malicious code in eslint-gatsby-init-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2927981e2214a116cfa4d45c9f21260f04a036db99fe2eeedc2531cb6b09dc7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145950 Malicious code in parcel-aurora-pegasus-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0850d9ceb923ea3b8c1fae4e07e33f2a81a4e2efb322eab5c70dcae054468a4a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144761 Malicious code in mdx-colors-bunyan-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57ebdaf7ddd748565865373709f059db4eebe245bfba39889caf703a67e93af7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147690 Malicious code in schema-csv-octans-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c3ff1d427c6dc5249ebd942a1b207b0ea02860a4d1ee16fa12badf4b8206eae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145479 Malicious code in nightwatch-pino-pretty-publish-nodemon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2a1c951fc5746b594ffe7ddccf0b1e29860605ad3eed07f5b638f0de0cdecc7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146944 Malicious code in quasar-cosmiconfig-async-json (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e76bb28548534fc01c9b0261f4267dbbec430eb9d246820b1104a172a156064 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147215 Malicious code in relay-zenobia-webdriver-mocha-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b73afecd50bb21b7928b5f8587d1351cbd5098add2bfb6907d1b41a98d919828 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...