MAL-2025-146483 Malicious code in prettier-plugin-markdown-hermes-inquirer-rehype (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b04495147b6fa746c0fe38e9f928b8b97779d92f7e16ed600a62b76edae78a01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142482 Malicious code in figures-semantic-ui-cypress-prettier-plugin-markdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ece749ed6b3a6383fd5539ce53e0778c8e77de27ff7db6abaf98171a96c22cbb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141413 Malicious code in cz-conventional-changelog-apollo-europa-child-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a374729d98d86f3613bd69ea8a7dab54201ac5cb5daddc4823cca64866c8c87 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147163 Malicious code in rehype-auth0-superagent-semantic-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e0608a928572c4b7bfb6946da1d1256c1306c074a7c2dfc451c142f079b1e49 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147963 Malicious code in sirius-nodejs-pino-chalk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f24968e7924be81b0a4de90c0dd069b7b1e511e2b7bd3252f1005da9c0d0dbe6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144846 Malicious code in mensa-cosmiconfig-sass-loader-meissa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfc4774c2b116959c2ccab5c6bf4747b653d6400e83e7a4849c1bf7bb83e1d7e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148016 Malicious code in soap-cross-env-dotenv-parse-variables-stop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4b40f5873d129b069dfc467889c169b7f6211558d921d9c795476d6c125e58d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140924 Malicious code in commitizen-await-commitlint-config-angular-chalk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ca5ab4510a606274ae8a004323b0e1abe851ab2bd6248263f9b5647d2de6aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144176 Malicious code in kinetic-lint-staged-commitlint-config-angular-vortex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb0ccf783d99e2f174768c7a2d194db3957b6b4005ac8c4e3b73a310d979249d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144649 Malicious code in magellan-middleware-protractor-postcss-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 930bcf903d4874e22b6b79a00b1cc2c3a1fbb30b21d8d457777e38c1fb17f539 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143519 Malicious code in ignite-morgan-postcss-loader-morgan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69416919d6a5f042a70f254596d0ddf47863aea254d55875387e2df7ffc3ebe3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144940 Malicious code in meteor-start-query-cressida (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbc490646055a04b32e6ac80c29731adb0ffe77135199dacd712a2f500f6711d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146400 Malicious code in postcss-loader-mini-css-extract-plugin-development-heka (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06bf6d7f07b3ed2d9691b5bcc6b10f80b6a8691b343b4cc3ba50758e2edf9632 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140210 Malicious code in bulma-config-kinetic-eslint-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22186b486a169f8eb3e7f635c7232051ec48c4b08231c118f086dbe26e97a700 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140664 Malicious code in changelog-concurrently-subscription-middleware (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f83b2e12272a8e785079ce5d459cca1a904c1e9310d88115531e97fbf868592c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141589 Malicious code in dependencies-wasat-eslint-testcafe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 156cd86e2d601b460757239dcc8be2e53759330ea90b0ff0ebce92acaa767702 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143406 Malicious code in hugo-tool-ignite-materialize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd6de72519d8b5e933f1a81fc3a4e2a4588141210ebaf18faa2e37aeb8b7a0c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144120 Malicious code in karma-spawn-webpack-yonder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3ad02d4f568f1f8a2b8334848d681a29dba0cdb833d11bd39f564c54fbe6bce This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147596 Malicious code in sagitta-express-reveal-md-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec668e95fec75e52b44abe1d7cdc557d71c98e8c073a395a85f274895955b865 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149189 Malicious code in vortex-postcss-loader-auriga-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d10ce1ac30588bafdfef6bef36489e659c355f7c931e391a7ccbe7e2dd3712a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...