MAL-2025-141816 Malicious code in duplex-octans-proxima-aether (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63b3bf319b92e4a0abaaa40adf046cf088a33ab1547bfe298f363a01dbf049a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145346 Malicious code in nebula-mdx-polaris-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b597abbb8f843368a4693e7ff646c15e6d201318b0ac904a36d5fd327456cd0d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147564 Malicious code in sadr-jest-tool-wezen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 925b1ba67d5b197bf2456562535ef44ea74362f49ab6741457c03efadb057eed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139660 Malicious code in atlas-terser-uglify-js-solis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72bca524c147bbb2c84bb99e0bf53400154dfe38d61b8b5fe6311f40c3c42645 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140447 Malicious code in carpo-kinetic-capella-helios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36738fd5391a2e0a3836541071bdde4fa6d1a86665a79160d7c8262aec63014d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145773 Malicious code in octans-juno-magellan-rigel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77c8055fa385eb1801b30877d2f32660100e939a3a9190474814127bda71f996 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143433 Malicious code in husky-xml-kastra-await (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7f9c2bf1b1dde395f39bfb95800a0f14b8fd95f06ea2bbcea41cf3fddbcc839 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147719 Malicious code in scorpius-umbra-electron-builder-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 862a2349ffda24c475fb6b50662ed3b2a243d7c9031ce530c284e46c5f71a68a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148413 Malicious code in sync-adonis-rate-limiter-command (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df5dc33b4b091bc26ce6cac112f885cbde0319831f4fd7aebc4e645088bf967f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141347 Malicious code in csv-markdownlint-npm-grus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e73e26256761af7533779186f15b847cda32f6523b5e531c46bdd00586275461 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145157 Malicious code in mongoose-jovian-prompts-bootes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adfc21902cbbe288d44e67e91822e196ee14eb461970003305eba5225b5ceffc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145439 Malicious code in nightmare-janus-europa-polaris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 103b72686f6c75739969098184b39eab91f66b52806609e70c348daa79d310cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147295 Malicious code in request-hyperion-gridsome-unuk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7865deb1459e7037f7abb2849c9868bff4ee00079f4c78d1fe2341bb6e0fb540 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140902 Malicious code in command-fetch-sagitta-pavo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886152bb1e80cce3c0d2c55fd7465b1020c44e96c881ac2cf8721beb2ae0b97e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149211 Malicious code in vuetify-ini-framework-commitizen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd1ea7eeee9dc7efb74efdee65854ad1c7cafd35be5c51a28e7a4f8938efa4b1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147938 Malicious code in sirius-ceres-fornax-nebula (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6f2388b163e7ec37eda82704f0e6b2e1e2e914a06832c2410f70c506789df1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144306 Malicious code in less-avior-cluster-callisto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9b87b5755da3a2aa56d12c98d5c75a72ccbd02ee573734ad5fdd4006af68af7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139808 Malicious code in await-spawn-galaxy-spica (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b43b63aa9b116de12f98fe72753cafc805de0801861e451fb794650f62b8952 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139254 Malicious code in airbnb-gacrux-concurrently-betelgeuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f902fe71cb86fc56849ea755fcc2c4cb1b0f2d2b8b5e2ba0e79f9a3113e4a17c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142947 Malicious code in global-phoenix-proxima-rest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82b3a677d59c058e2af71eaab296fd60aaf80c2a9b6c75c08e4ed608913f6598 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...