MAL-2025-190292 Malicious code in webpack-query-thermochronology-antimatter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6a6ba0afcd681d793424b23a2849d2d1319c11a0069ba3956b955fc994186da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187953 Malicious code in mdx-hyperion-taurus-antimatter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d5dab7a7c597d9ff7f83c4f405d6e51f5f69a9246ec69aaf50097b1fb04c2d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in readable-configstore-regulus-public (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa106f845b72360c2409496dfe3d10196e362e64b56e8b6839e6b3c82bb06a32 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188979 Malicious code in puppeteer-fornax-prettier-deneb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80a4f13a778c9f14060b5577fcc6ca5d624a55969ca1176e475251c8489bb9ae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189595 Malicious code in spawn-exec-zenobia-ganymede (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08d195fec77b588ee50726619249d1d77aacd06b4a03966370f3dee0c6edc02d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187012 Malicious code in forever-iota-callback-vulcan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2f60f3a13bf834da1f6e7ea40da360ca3b541224c8dd928490733f69f44b927 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186994 Malicious code in flare-backend-jsonp-orogeny (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06640d76332704792e5098c70eb8c3d1552602cf276e52392177510a7cc3a1b2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in deimos-hermes-quantum-venus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da041c19408afda84511c39a5af5b767f425c262366c89f8688965f88b3639d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nodejs-oberon-ignite-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e482bde61fb3e85e4f0ddaf6dbd2bc2b7e66e9546b44fb6bde77934921f5482 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189763 Malicious code in supernova-dysonswarm-arcturus-solis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb56d71359f955d83f68c2050ffd9f7e52a84eaca18c226afd9b2e5225844e19 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in local-astro-inquirer-neptune (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcd3727aad6507bf25f15d7e399ff05fed2cdd7bb502e484039078f049b94ced This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188709 Malicious code in pino-pretty-technosignature-biomimicry-wezen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d78551abc317c974c87d5054e9be17761bb59010ff189eac4ca579d528d32c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187066 Malicious code in fusion-nextjs-iota-materialize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2739ca69baf49a58e1a18599d116efe40fb26d5faa0c30a424d82a862f56e333 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188592 Malicious code in pegasus-cache-passport-vortex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9dfec8b52297551b8c72f8706ea4a3412254e3aef5804f3ecfcd835d4237b6bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190294 Malicious code in websockets-areology-perseus-redgiant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3a0d0d816331e3b9eeba505a2091701deaf08b125e2a81a587179de98ad3dff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fork-webpack-kastra-chai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector faa08ae10f43fded7688f06c4437636a450b0f4c86bfd008f64545bbd3f8d558 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in membrane-kuiperbelt-cluster-remark (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2639962a1d823072dd4a426f9f130d9902d802d078ba51a039ff515114bcb742 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in titan-fusion-virgo-slides (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4501f11a2deae04085746254e3f775d5d1da1b5a90819236beb332f1930c3d1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bundle-static-pipe-mu-float (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f641f6aa0764215f73a963c56b013c9e4bfd8f7faf47e0b43a01931c03383404 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in old-grid-permission-gamma-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e536f38f9d7318cb83d2c050cb34a8e1c0efda5109e56d6701c3335ebf74ed16 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...