MAL-2025-147076 Malicious code in readable-astro-npm-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c647e05dd037905883f77cef6440b9ac81382f0ede90b58ede2e43bfc6a99a88 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141735 Malicious code in dotenv-parse-variables-readable-dactyl-dorado (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb3fe8fba115d5787ca57c1183f16a661fb0dd62f372ba2f47737309bd8cd39b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141423 Malicious code in cz-conventional-changelog-kastra-rollup-nightwatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38e9525cff2d4f497c1e161782ad3e5478832085c188b7182639221632cc9fee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142844 Malicious code in gatsby-geckodriver-registry-meteor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e691b494fb554671ca898f3d2640e4da6553aec0748d059613a514ed6b731bd3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144964 Malicious code in middleware-schema-venus-solis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93c9d42a35eecf79615d3e6a383a4660f2e51cc22fd1bb17616a609764d1b1c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149022 Malicious code in upgrade-neptune-arcturus-wolf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 446e51fa447d1487822c19c02f2760b8f64761c7809b2671ffe92a6b1047b144 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142242 Malicious code in eslint-plugin-spectron-csv-aether (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4186d0899623ecf21329b54ac8cfb81a5c3d55ce143400e9dbe0088a6262051d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140265 Malicious code in cache-centauri-cz-conventional-changelog-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87a92689d8d98e715e231fb794099931611e1145398c0c800e2a085a77337001 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147502 Malicious code in rollup-magellan-hapi-puppeteer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3490d9c59832ca44c7885eff71bfbba3bba091d61f91ffd6962dbd3829a1f92c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139648 Malicious code in atlas-mdx-pyxis-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf5d4a569c36cb93cfe22fb3e8dcdf66e0ee3ba72263a1ec085f04238964a5c4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148039 Malicious code in soap-vega-hydra-jasmine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fe645bba34b0e4e8d58c3cecb6d63b49c6452156e804d022ec335a18e9eac1f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147416 Malicious code in reveal-md-mdx-geckodriver-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1e66a65f7c92871312341129ec9fa61d291bde4e1563ac61a81dac4d5fb3e7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144549 Malicious code in loopback-framework-loopback-janus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7b27e27c7246783d05331bd95e459820ecd9975b3cb5f76e1d50febbf6d07d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145333 Malicious code in nconf-winston-rigel-mensa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57818656989f84e68d0cd7543eb5cd75f822505d7833f4de2347d782cea86674 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149601 Malicious code in xanadu-miranda-fetch-aurora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cef337b74baee56faf0b2022c88234dbf3f417113cf143aa873275ff626573d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140259 Malicious code in bunyan-vuetify-apex-subscription (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1a8d46cff109bf2f2709cdfa691b1c0f42309b1a882f34f95bbbb32fbe05844 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cypress-triton-figures-sails (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e40687e2b1c78c0049facd34b47a11d95a0ff976f87f975c19d508f58cb799a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142159 Malicious code in eridanus-wezen-module-unuk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db08aa8da6ac73487e2363d886d20ce680b382956c29cd219ffbbe067a61d4d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jovian-rollup-plugin-jest-polaris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f53370f26cf3478ba29cfe3709afd2de86c87b49aacc771a6ad02106cda567c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148394 Malicious code in supervisor-koa-carpo-hugo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55f40ca3362c00eb7e70891962c78ce9e0d9d03e32054fe87cdd6b6462f04d7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...