Malicious code in mdx-loglevel-meissa-meissa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 909e4c33893b2a01e7ce57de10e579ce8302c27633a661dfbed926ef6435f9d3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ursa-algol-ganymede-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c303cf7884f70151ed9e6b5bf9c2c7e507450c13a216a7ce95ae230cb4f238c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mongoose-jovian-prompts-bootes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adfc21902cbbe288d44e67e91822e196ee14eb461970003305eba5225b5ceffc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jovian-rollup-plugin-jest-polaris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f53370f26cf3478ba29cfe3709afd2de86c87b49aacc771a6ad02106cda567c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rest-arcturus-io-spinner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9d0b8686eed7092e318656016dd7a3307ce443b16ea6fab1ef179d685a0e7e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in restart-protractor-quantum-pino-pretty (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 308e46b472bebeff2efbb1fbbf96060ad0fd6c95e3541493b9965e62b60eca29 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in proxima-process-grus-fomalhaut (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46e2ea0253eb4cbcf28c3e8526b146995a264704021ae0f5ee845fc8dfb8f84f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in apollo-colors-hapi-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30be78f711f92871cf9ef17406d921ae42feb235c2054887bde10f6c7e489426 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mocha-andromeda-castor-loopback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 929e6cb843cb440dd09ec05cefcc35ae1d4ca70fdc73a2c735b543f582ccde8d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in prompts-nashira-pulsar-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b34b2df3d4a4995a17928a35dfc555917a0dc66c1262a3ba9686778acca2a992 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in buffer-oberon-dotenv-parse-variables-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 349ea019c9a2411a49ded23e230d80740483a2acad4e82584b01da47613be386 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pino-pretty-comet-apollo-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce0fc55dc02578c07a1ca82888f7559c7f7490d510463dac842eddb8680878a6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gemini-lyra-stop-meteor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6de05007ded0357f96c6580f461bd2d5f802efa82ccee17f4206e5a4433c0b76 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ophiuchus-publish-charon-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a859855906fa5998d0602074884a3f159e91c73027f4acfd3770d9a1b8e1f650 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in apex-magellan-winston-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52039775c5083912cc2f65d59589cc60afe8445d9510280b6907bc13154e2861 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cache-npm-terser-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73495f3f6d6f890c5217244c23479680bbf04462af47a50c402ea11b7e78792b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yildun-command-chai-airbnb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdd633c6313d4b9c28b2101444cb08386db672459f194e7ba9bcd01f32efb480 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in babel-auth0-castor-csrf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d78dda6dd9d98eba1091976353e8dee3850210f8c8f25cfca2de9027e312deda This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149855 Malicious code in zenith-mutation-enif-pyxis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 212e28b1fde526e80106961c1bd090110c3ea00225817c67a83323d30157c811 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140750 Malicious code in child-process-lint-staged-less-style-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f62ba95efd3f3ef97d0e9b721dde58dd83c79c4eac6b6f8b08e9fb792462089a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...