MAL-2025-145710 Malicious code in nuxtjs-polaris-google-style-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70a059d4f6f8befc217803d2bc110b92360c80662b5242c31399896692d4dd6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148694 Malicious code in titan-tailwindcss-koa-transport (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffc07afb489f3fefb44ee960e27915b773a85eca1cca9ffa50c5c027d2283e02 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147163 Malicious code in rehype-auth0-superagent-semantic-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e0608a928572c4b7bfb6946da1d1256c1306c074a7c2dfc451c142f079b1e49 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143561 Malicious code in indus-child-process-apollo-karma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 907068498ca83a4f322fa13c07e12119461db1ab2f93983dcb53f18a4a2279a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148016 Malicious code in soap-cross-env-dotenv-parse-variables-stop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4b40f5873d129b069dfc467889c169b7f6211558d921d9c795476d6c125e58d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145404 Malicious code in nestjs-sass-loader-pegasus-kastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6047bada6c6e40096c170843b308e373244e22ee727ddcb994dddfb4c306c896 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nestjs-google-websockets-rocket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6048757c791315828cf6fd6fc888bf6104dd0e50d276b6185244daea12ef11e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in andromeda-module-xanthus-arcturus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36c8b6df485741e609f00a40fecab5f5f73c08f74cb8b2e4e20b97b222cce80a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in axios-taurus-dependencies-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 965c88890449fe70ebace8f5d70434f7e73124448645e16a637c60e57170d328 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in blitz-solis-mdx-pegasus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eac0a972116745bee47e642e59aeb49f9ef45e7048afbf60a8face542146c8f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in build-pino-pretty-frontend-rate-limiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 136bd760b092d361738315dc7ba6e397b79b80fa76ad0d08a50c3c277bd10a1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bulma-indus-mui-subscription (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dd578513e97bde5b2a543f6ce4f89225328ced75c1a8c735aff035ba75464f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bunyan-umbriel-relay-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44f3f063c2281fff1e1b70c86da2fc195585d3c059d7911720de2e6ad6746f90 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in callisto-async-readable-ignite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c35c33f05d6aa52a43157130c15b3cb8b2935e68f7399cff7af2477785e2453d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in centaurus-enif-registry-betelgeuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b6ac6a6965728f64abfb8f42a82d75becc9f9347d7f4a9e8279711d36bb478a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in chai-bunyan-gacrux-docusaurus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce89ccaba7dbc5aae9691301466528ad1010928962ca93c3b5cb7236973b146c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in chai-library-nebula-norma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51633b5eb10d91cac3ec86fe2365ae8450373b723b5074e954f4a5c87df7bec4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in chai-protractor-dotenv-parse-variables-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 311891f26ac9a5040a4dac757ffcaa479e02747a94a46ff8e9d59c7df2a7df70 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in changelog-library-morgan-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55450bda6649eced55284a2e5cb1d17294f7d951afd2040f864d9af5c7287948 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in changelog-taurus-registry-dactyl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53159aea5ce380db3b88eb4598bc7c2b20a6594b39b1036b1ee6c316805d286f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...