MAL-2025-144095 Malicious code in karma-build-sass-loader-kastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a0a1706c5747b57ad2a3fafbe469c5561cf6c547799ef10865bda8f35e773b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149189 Malicious code in vortex-postcss-loader-auriga-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d10ce1ac30588bafdfef6bef36489e659c355f7c931e391a7ccbe7e2dd3712a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143313 Malicious code in hermes-css-minimizer-webpack-plugin-local-request (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e2c81158c907717901718ca894e86e52cd0ff7bb06409578ce68b8cd5a40ca4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139785 Malicious code in avior-semantic-release-prettier-cz-conventional-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad1bee846b0039c60e0e0057b6c29b031b648b21ebbe632243dafe96452cfc5b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145686 Malicious code in npm-norma-remark-cluster (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e12b4a51a9bd51375eb46efadb9d9a3ed0b9a9efa29da69be155f816c9b3e347 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144846 Malicious code in mensa-cosmiconfig-sass-loader-meissa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfc4774c2b116959c2ccab5c6bf4747b653d6400e83e7a4849c1bf7bb83e1d7e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147038 Malicious code in rate-limiter-google-halley-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4386b673d0345f9098810f5fc8d9358c549432be9c1f07dc0a24c3c44911e963 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in start-husky-nightwatch-mira (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20316704e355b8f90ebd7ca6957fb6a2bac05276f95761d8281561f3a11757a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in telesto-zephyr-cache-vuetify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33571405bfa84576d662602f2683b141983534b474d08b251713f2786dc45183 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in charon-mongodb-webdriver-manager-comet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 719507e78d4a240a81ff2a2584debd3766c64620848ed3e73343cdecb3c0d3ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in perseus-magellan-cosmiconfig-concurrently (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 894871c32dec81809809ea575078f376ee66a5c707755a567776c6915122c4e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140210 Malicious code in bulma-config-kinetic-eslint-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22186b486a169f8eb3e7f635c7232051ec48c4b08231c118f086dbe26e97a700 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-138955 Malicious code in puzzled-olive-deer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 000b44c3eeb8c6a0e1289b0d1f78123ccdfcb7867e1241d926793c15507041e3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139006 Malicious code in silent-maroon-seahorse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d342cfb1987492d9e7393acd466c73c662083385ece71ef299510ccb7f393ae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gita-tiwul81-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c807748012d86305c12551a46cc9830de07db42fb77111f0b928e723bb542780 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dewanto-buburayam8-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a49a6b973bc3fd8765f5127c65c9a40c3ae2cb55895502c1245ebbefab9ba00e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in irma-tahutek2-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 227cb873c57e1eed2eb867288f56c799f397506eb0d2f92cfa7802cc20874705 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dono-gepuk2-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2c33b4ab98fb415d87058eab52ab1e77308d29d7bbd08c03e97c768e1e3f5d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in qori-gulai63-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c56816dde137e6ef985ac0d96432f2dfc515e16719402ffa46c5b30b3283823c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-132847 Malicious code in dian-wajit95-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b289a7ee6f8b35d3ba245bbbb04bc4a459c9aad3f4d08d903a0ac1b825856c43 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...