MAL-2025-147272 Malicious code in repository-lyra-react-bootstrap-ursa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96745fb4e087f1d2fa6cc12f0673c34c9c89de6e5261f9db9d80208c34740662 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139935 Malicious code in bellatrix-element-ui-native-graphql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1d1043cedb1fdedef8a8f3bc8f478c9b74d28d60356cae5f3555fb9b7ae998c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149338 Malicious code in webdriver-manager-xerxes-event-bulma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db070374083eddb2daddb8c997cff503dade123452489a5471fccd7524dc5dd1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145194 Malicious code in mui-apollo-transport-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22e66318ce09120e6b5ef2505cdd3821e25d5abc7bf54a8e2a36bfd13731808b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148098 Malicious code in spawn-io-cosmiconfig-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9e6b201351a9a51dd4418072852271e69f95ab27e86b442ea8598d9ae40f2b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145784 Malicious code in octans-upgrade-celeste-chai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6820d8f46993738f98dec508b4393021d4bdbcb9dce746d48ce684c3ee1fb7cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142219 Malicious code in eslint-gatsby-init-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2927981e2214a116cfa4d45c9f21260f04a036db99fe2eeedc2531cb6b09dc7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145950 Malicious code in parcel-aurora-pegasus-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0850d9ceb923ea3b8c1fae4e07e33f2a81a4e2efb322eab5c70dcae054468a4a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144761 Malicious code in mdx-colors-bunyan-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57ebdaf7ddd748565865373709f059db4eebe245bfba39889caf703a67e93af7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145479 Malicious code in nightwatch-pino-pretty-publish-nodemon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2a1c951fc5746b594ffe7ddccf0b1e29860605ad3eed07f5b638f0de0cdecc7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140370 Malicious code in canopus-proxima-yaml-puppeteer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dab40b667df69aafddc22f108f2d07a25f78edad369a93fe46cb65cacb2f989a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143694 Malicious code in io-elektra-chakra-ui-configstore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06ec836c25be7c8fccdbaefff9c32a7db893a66dbeab6e8597a1524652329167 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143668 Malicious code in install-bellatrix-firebase-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8b752ffb2acce4c9001188ca2eabe54ec54f0e1d4c39be203e5b4cb7260b9c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147682 Malicious code in sass-loader-quasar-transport-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f20c0ab48c9f324f56d5d61c41b6df53b2f9637aa4732f761ac74b9eda2b6ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144980 Malicious code in mini-css-extract-plugin-meteor-capella-nconf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a2bffa9bd292d3a0b9290865876b6ebc6200573a041491ba008385a5a036a1d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143135 Malicious code in halley-dotenv-parse-variables-hermes-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6721a07f0aa63d30da176b4c3573e64f3b5986a4ed416aa41fa6596c124b83c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143077 Malicious code in grunt-stream-rest-browserify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 738247151f180588c56546db685b85a7ed478e77a9961371b2a46f8c2610da6e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147985 Malicious code in slides-geckodriver-sass-loader-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ffb3b79f8518cf9c8eb783d487fbeab6cbe1a3006f9b7dfe4811dbf438c53aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139826 Malicious code in axios-docusaurus-node-sass-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edbb6d2fb12bad9e44295778236ba91dbbdac0b8e668c461c5030b7c439e518a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145206 Malicious code in mui-npm-typeorm-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6314a131d3ae7ce58ce6e7f2f0c12949b4c1a9bc4551a6aa7fd2968d2e38c876 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...