MAL-2025-169203 Malicious code in trevora-cir147 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26cc225376397d38cc42811187cdb5754bfa954fee0ec345b394e70c7d5f2836 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-164357 Malicious code in poli-akilu-lunakia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e07ca5dbce861eb7ed7e89c9a4b906687a0f7a850cb973ec910b38687946223 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-156061 Malicious code in icha-78 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 400a00b19c2b35ed8b4e047931de30644388411b4d4be91e8ecbda30a913ce6e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-168164 Malicious code in tealove-coki1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11f2165aa2c5a3abd122d1a542037c72e81a01d02ad22aad35a47e8be75b4032 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-167928 Malicious code in teagood-yakuna67 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9c407757910bf8dd2c4bba6b704183f37a6567802505e0a0cd5d85f9021e525 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-163131 Malicious code in nokire-namiresan75 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dda35533eab844075dcc5ebf15f47343b1b34e2d847aa66370fc828f59836ad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-150720 Malicious code in @miptaa02/idd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2df6d8c2013e24e3a393c6442f566c084224643cc946955cb52be95058f0da9b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-155991 Malicious code in icha-14 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0638eae12e41420169d6576544c156da73d1ed0513d74848c5f6008ebd8ee15d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in csrf-process-janus-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ffbfe931a8e51ce2cf27b87751a2a29dae84389abf262cde9b1af1587c6307b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wolf-cross-env-markdown-postcss-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bf92b6b8c6a2644f72700eeb3abdadd149b76826d296338e032bf88f95a1e0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in kronos-spinner-io-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6884e2ffd1ffed28fa9c2fef656a4ed395be617c7b381ebd411f4cecbb78a380 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fornax-grunt-zephyr-bunyan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5618c03ace1b7982597f2237ad3ce62c1e20dfc2b23419fe11450d9d6f70b7d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xo-metalsmith-soap-yakutsk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3eed56ac6234cf263ebbaef75ed8de7d887c7664524ec5fea3555447a22a469 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in zephyr-less-io-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a34eb09b771f9b1127dcb61d38526c7427d7ddefd7e5dc2b2bfff596afa974fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in writable-umbriel-betelgeuse-altair (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49aed667d56d8cc8885f4af0fcabcf078c4098c9b6ba017f25d958cddd56a802 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148669 Malicious code in titan-adonis-nestjs-fork (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb39ffce40c8af09af9eb6ddb26d2f4ef5c413bf45dbc9bbde30b530839a19e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145710 Malicious code in nuxtjs-polaris-google-style-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70a059d4f6f8befc217803d2bc110b92360c80662b5242c31399896692d4dd6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148694 Malicious code in titan-tailwindcss-koa-transport (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffc07afb489f3fefb44ee960e27915b773a85eca1cca9ffa50c5c027d2283e02 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141672 Malicious code in docusaurus-package-odin-helmet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b80c72158c29c094f5a17f94d21f9bc8882f4f430bea81bbd357f33a021a4a01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eclipse-alphard-promise-commitizen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c2d18ca2f3faec8f5b44d1646ac4e157f8fd63aa204750ef48ed219fceef1d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...