Malicious code in hydra-duplex-npm-ophiuchus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24fed9db6f3a16972cd99dad61d1dcc7b283267059869c88c31951910c5dc518 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jabbah-colors-parsec-chromedriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb186f675de9916b8f536619d22cc0e24c1fc3e1dfb322b2bd221b7054c1bb08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in meissa-foundation-plutology-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffb74fdd0e4a61807045f718c99625afd464a52402ba71b86bbc5cdcccb57d78 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in notify-beta-tree-mock-minify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cd7b1d54a109d886470b1eb138564f487c08a552cb82b12abedc42d0adfc3a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in orbit-html-webpack-plugin-xml-docusaurus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08fb8c907f7e235373242f869cd54f573229f75943e3b713df6ab822fa2142e2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in postcss-loader-ganymede-metalsmith-farout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16d3d14c13f394da725b8d17c124c9aa3305c6a8dff021d59ab3c8fcc8fb610c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in prettier-plugin-markdown-toml-reveal-md-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ff999735f3feba34d19df5a1438749dc0508d8d6210fbc23713452c707547b0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in redis-acamar-terser-webpack-plugin-deneb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6796676555503346950febf9220667349738f8b77d07e9b3bee2eed252988ae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rollup-plugin-octans-fomalhaut-dependencies (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5af786cbe84ba8a4f35aa3f8afa89b09b9b2ad65ba56783efdc80335e5eb0fb5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in spectron-ursa-yonder-command (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11e8934f9f8a84c3ea9257ecf86439131845b5e98b2fb112a7de097e28279bb2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sublimation-archaeoastronomy-browserify-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba32b52b1e4bbb964b6534537b4d98d51c9e74683dea1516424471f869c0e5bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tachyon-vortex-bellatrix-csv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec5822972fbd20e17b527df3dc5f1fc0d18bc0328f474e68ac68715f30e9fca2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in testcafe-miranda-electron-umbriel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6dc56bc034bb1eb4e4b4fd3fc8d7db620ba01d5807f3200c1c40cfe1f26c695 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wavefunction-perturbation-stratosphere-supercluster (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73c2a5688743fb7f4ff61a834dff95bc245f6cf1a7ddde56e9b51dbaeb8cd2d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in webdriver-manager-stratosphere-stratigraphy-stop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0934643185b5cbcc16307cc870692bbaf0a0c6ef0085d73916acdc478aa082fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xenobiology-hermes-selenology-umbriel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 520f8b0d6c97bb10f487a3d93d392a620438141a0256a422bdefb4ae61f5b959 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fetch-readable-spectron-convict (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c63589f0ebd1c39360f807094399bb7293af123a3f30940dd806d287be6c8076 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rest-version-library-hadron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e3b01d06955b1393fdf87ea7bfd085c32e43a39e890b503008aefae093db6b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in atlas-repository-nova-eclipse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84fc45a419be4c1ce2710de99244938901158da76b1ac1d2918bbfe8148ef905 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189247 Malicious code in rimraf-playwright-morgan-norma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 605f4589e9fb73840fa4862f5d97c83687042c57fc5d073de4da60df0027fecb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...