MAL-2025-146193 Malicious code in phoenix-cypress-bootstrap-webdriverio (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a728232962e524201812cf8b81e1af61d6b898e4d49532881d086be26173b26 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148615 Malicious code in tethys-cypress-spectron-titan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 988f5b93fcef7a82e01b3fd236a72124b874972ae27458fcb2eabd14f7bb9eb5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141901 Malicious code in electron-builder-galaxy-xo-pavo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 983d68e18af0c9e813a4c53e6575cb1fd6bb2c75a355ca8f5aafe8afad1b2344 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146571 Malicious code in process-spinner-node-config-meteor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10975cf9d208a454c4ec8cf4c7efbfe081c6fb8ff9695c78c35d806391226c26 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144549 Malicious code in loopback-framework-loopback-janus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7b27e27c7246783d05331bd95e459820ecd9975b3cb5f76e1d50febbf6d07d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146266 Malicious code in pipe-prettier-stylelint-fomalhaut-telesto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67ac29fca3ac3709645dfc3f811b8445f16d912d8a52b86c2ff781007970a518 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149081 Malicious code in ursa-xerxes-betelgeuse-semantic-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 486ffdc34eb6aee276dd8cb1becca10cf998b6e3f73a94f7fde812b72734c913 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145417 Malicious code in nextjs-iota-hercules-regulus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 645cceb630baacf494c208f488e2350a32af0532843877e7e691528a0e4a3949 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142435 Malicious code in fetch-bootes-concurrently-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a73770f8dd611198563c5d0eae11af04fd9b01fbc2d8ab53e3b77989f6c6ac36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139994 Malicious code in betelgeuse-node-config-webdriver-mocha-auriga (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a6bb0a98922401bd6403c8a219e0615fc5d749430667d02d1d7b9d26dfe6227 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140663 Malicious code in changelog-bulma-meissa-cz-conventional-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0babacd4b2202419befcc339789b9595da99bbc780c6d678c8c4a17261fb6900 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139337 Malicious code in alphard-pm2-centauri-pavo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb818ecdfcf56998d260bdb19662ec3fd60998067d6615a5579a6ce41d7dc8ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145157 Malicious code in mongoose-jovian-prompts-bootes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adfc21902cbbe288d44e67e91822e196ee14eb461970003305eba5225b5ceffc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yildun-changelog-slides-terser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94c1e032d0ea97654da29e16043fd146101a608beb21f7b3ac344026965acdfc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in aurora-aquarius-process-grus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c14139bddd24459169648f8f3d37c8b2a66cb08078a77f77089202a378f7d15e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cross-env-restart-ophiuchus-google (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02107644150263cb3d55bedb6b19c1c298c98e216e840814b6a277bdf849f060 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in europa-foundation-zephyr-betelgeuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed8d631ffda776367c301196c5654464932ee480035772ee93d2291150ea32cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in babel-equinox-global-xanthus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eed002cb4c6101e4579e5c8032d6d32f9aba22e6cfc575876aae0c7cbb1bd2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in non-blocking-vega-jovian-csrf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dcb27650578446fd3416420d1e95bf8cb40fbd3c2fbdccdacec4319841856f97 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in octans-ultra-hapi-yildun (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0a2f2be72f028c1bd41566d4c6dffafff9cfd064e1de5c737a3dcc95aaebf2c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...