MAL-2025-147295 Malicious code in request-hyperion-gridsome-unuk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7865deb1459e7037f7abb2849c9868bff4ee00079f4c78d1fe2341bb6e0fb540 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149330 Malicious code in webdriver-manager-nodemon-acamar-jupiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c8c7523b07c5d46134438bea9a859da7b275095ba7d6aa313e5e64977864977 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148525 Malicious code in terser-lacerta-fornax-meissa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ecaabf67e4ca63e7ed7cd2efc1fb0825c047c0992c99834e76ac9cc4bc61a70 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139660 Malicious code in atlas-terser-uglify-js-solis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72bca524c147bbb2c84bb99e0bf53400154dfe38d61b8b5fe6311f40c3c42645 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141361 Malicious code in csv-ultra-wezen-astro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1858d3c966b6f580575064487e3a89444dbbd196a7324183c8b834a2b42ec59c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143455 Malicious code in hydra-sails-jekyll-pm2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b19940a1065baf15cee8db0d01a56f9abc980f3d4d7673e36aa7d1e8a696b1b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143775 Malicious code in jabbah-despina-ganymede-indus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c08487eae01616838ee0af25f1ec0f33d36b67a802b28b68bd65cce837dd8369 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147917 Malicious code in shelljs-jabbah-prettier-triton (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18bddb61334ea6ea4f7e9292f748f24c0720d8c767b4577db5696e9b37bf0c91 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140807 Malicious code in cli-passport-iota-corvus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac1c96bbd01bc353cd4d6dd7efc63eb0ebf5878a52296eae35df15e5308f6326 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145059 Malicious code in miranda-stream-node-config-inquirer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c10f00153d17388eda7368ddb1063159fba592d0095acd6f9565936c4911657 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148391 Malicious code in supervisor-corvus-css-loader-spinner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e717c0a7c2be48cd214be01d42a303508b2d0dbdda6904c59955d4168e4f36a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145785 Malicious code in octans-venus-fetch-capella (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7185ffd095e4f4b31889ffa376123541f96ad34c8939f74a4f4ab17f5905aea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146046 Malicious code in pegasus-publish-mongoose-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ceca5bf5ad3eeb9dc535efb9f2ed64bca85aa519539a639405784791be1baae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143970 Malicious code in json-development-publish-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a13ea91c3e39772484aa02c1e2b6604be57894e72701604e225fe0423043eaf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142330 Malicious code in event-transform-electron-builder-draco (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ee0ce5601f068a49bf40ce75803158592a2ac0584f58eab0e797b2ca8f76259 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144425 Malicious code in link-solis-promise-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89f3c59989ecc8eae4a83da38af7837d57dde9a10c501c636c5a57588afabd2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146320 Malicious code in polaris-alphard-sequelize-atlas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7988b1f08d0bc2a590a8e320ec2c4eeee3fd6b264506c79c02671ab18b9c5481 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148227 Malicious code in sqlite-ganymede-jovian-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e769bd671055035cea71893fdb0a3a7e4aa2012e5d37a9d0e0f609d74b13e81 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140908 Malicious code in command-io-gravity-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b85d428b46a5347f6003a5b341f4bdacf76a07ecde08559de977319a4130e910 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140691 Malicious code in chariklo-avior-corvus-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d479fb7ca74832c2b78a20baa9d8e3c6bde1afd6816d629f5ea11d482c9805e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...