Malicious code in phoenix-lint-global-andromeda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b343b3c7c23c80fbb1559d9e971d309967cfca013ab9173753f6cbf65fe92735 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in materialize-europa-install-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c34f5b580e515d57b2f97959e41b59126793c501180fdc1ce97b11c5f06699d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cygnus-schema-pino-playwright (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dadfaf6400f24675483af5af45b3679d0f5854fdf0ffca88edf168e4aea9ecc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polaris-hexo-process-scorpius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7b50ef2bd3d40f3714e6f6d474a137cab45143d7cab9e3fee3d3b37879008f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hyperion-hermes-xerxes-yakutsk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb79ac3641111993364fd68a5541c4fc3e81faf66fb042b2aa4791d8a1db7eea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polaris-nashira-jwt-betelgeuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9bf18553cd953f1d19f22d31127076ebf2b653282b3fed5448e26827af1d5e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in altair-tool-async-passport (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8df7ac2517321d627a4a92a8efadf37ff3d48de62cfe0c4c274c0b5083e53d7f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in elara-aurora-yaml-ophiuchus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b510c3be7a7298f8e915c26ac8fb7d1fe488f01e6a722f87091f00c11084ea3e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cosmiconfig-nextjs-tailwindcss-polaris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cb61a59a4c5387bf62fb5b1b0c1e546a26f65fc5263ca200c39bad00b2c76c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dagda-convict-nova-mongodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52298d621a66fe7a0eb02409e2c6b190bcd68b50065d077d4702828ca83313ad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bellatrix-graphql-lynx-nova (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76e47a09bf599119403a4a06e83d5c2c92012f21f17c5765ebbdfc8c4b82bf19 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lint-staged-sirius-xo-juno (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e17f64d7f2c40a23b7372bb25ea8330f1abf134122c1dbca12aa0be572e7394 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in json-algol-antares-mutation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d63c510d3d3960c943e308a47987df9ca39faffaf1ad6c29a13497998b1ae469 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in library-quasar-andromeda-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9782604e3784bcb5e592be57c38e46ddb5fed0911cb299819acd350f717316cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in link-async-global-reveal-md (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf9b45fa02a6e71ab581e7e6ce2fa292132a4030cd9f32985377b6f7eb975e24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in semantic-release-native-server-mysql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5336a6c3d9a01c4a7de4e23e1c2ab5097ba50ed71354ad08b9087041207a29d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in npm-ini-helios-luna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ce669b34e85d458db538df813a9e40ac3efc5db9a1822aba0115e582777b186 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nconf-hercules-prettier-stylelint-slides (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4de94077beec0f658f2376273e3937aaf74f02106107d2330e2ef39e87bfff2f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in metalsmith-yakutsk-juno-dagda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe7d8857f1269646d020d61a230349856e619bec10f9307c2ab5843d8f509f17 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149258 Malicious code in vulcan-umbriel-jovian-radiant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07d06f26e3082cb1c1ae58325b21f22029f52104bff9713f2a6c644765e77df0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...