MAL-2025-186931 Malicious code in express-terraforming-nucleosynthesis-nova (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d58c13e8ab6630647d9a08c3b65040effac140f3a388762a6acd5eee532a1a66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186888 Malicious code in exec-markdown-avior-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a1422f2c4e3c9593d29f828fbdb6f4fec9411dbaf4dcae7befd206792eba11e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188358 Malicious code in nova-sagitta-pegasus-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ba21826bf8441b5f8669b89056183151cc9cc9795e5a3f9d08c1ba1adc2ff4e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189730 Malicious code in sudo-yaml-virtualize-encode-pi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 472230c24a499cc530e4f6f10d962aeb1fe1c8006af18fb249913614d62012a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in old-grid-permission-gamma-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e536f38f9d7318cb83d2c050cb34a8e1c0efda5109e56d6701c3335ebf74ed16 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vega-toml-hexo-quito (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efb24c32e4d09b99287614e8f188638625c244dfd0b4f79bb5170f0788ef9b80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sudo-reject-mu-proxy-fork (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71bd21ebc82601b1500c1ec0b38beaf261822f483579359312b433a31d3a139a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hawkingradiation-jupiter-toml-comet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 093f597817c5057b6028054d85338a68c535363cae5c2a33fa92fb3c5295d345 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in janus-enceladus-supernova-panspermia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c0d9eacb602968519228c53fe632ffea01a20848339c1332b7c1701c9be4f96 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in zooarchaeology-nodemon-semantic-release-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc86611ecc1d408557ed31ce6290315bef498929933479df9f8045b837679a11 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in registry-relay-electron-builder-vuetify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a67c1995ab1976896034e028ee640c5ae740b13db01b79296b2487d4d3fcf022 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gacrux-figures-postcss-fornax (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddff144498a159f4f0aa53d17350ae7278a0691307113dbcb07ad4f8a5671e0d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in heka-relay-grunt-gammarayburst (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a34c9f4c51f9fbb8b1a6af7224378de5173d0150c7a5c3399e7e8ddb1e5c9e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in triton-perseus-paleobotany-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a50047252fce66e072640cd3c4b7303162f58edd8f8ab3107fdfa9cd848674d3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dendrochronology-eslint-plugin-andromeda-helios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c24345b9ae34655a19ecf0ebf2bd34e7ba0977ddeb6130cb2b356585ae554d64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in double-grid-resolve-data-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec84b8cf5799e8ac659af511e2e198a7e75ad80f432bb110d8f87a68bdef0b35 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eris-postgres-taurus-metabolomics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa737fc1e071f4c754c680f6353ec4cdd65d7e7162df98b7885c18bd7563f2f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in loglevel-testcafe-spectron-leda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d18cc09f60af22ff0427f07e1bb85abd4ff926d818b7d8f0fc9656c316e1cb19 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in norma-tool-stratigraphy-stop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cc0d54c69ea8d5d3fb2526b4c3613bc17ab6bd6c2ce8287d64c44fa51ff62cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in stream-indus-dendrochronology-run-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcdf9efe1fac494c78e0dc753729d3c091e5206d94dfa78e6b2352c83e1ddc9c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...