MAL-2025-140178 Malicious code in buffer-virgo-eslint-plugin-centauri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a9404d1108d6ebae69e8398bde30e94e093d70c651f9acbb8f4610383a52ec0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in winston-gatsby-zenobia-eslint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4539e20771a5e14a396382185985a89fdd823182f16cf3fe399f24140d7e8c4f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140745 Malicious code in child-process-fornax-ophiuchus-enceladus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e62e14ba578f9389f96c9befb8dff2098b3c6d0e1be62aca0d7dfb57d570ef2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149683 Malicious code in xenos-link-spectron-webdriver-kastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25d936bd89ea3139311a716abf71d65c328f400082c13300bfcb336b946e2976 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140750 Malicious code in child-process-lint-staged-less-style-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f62ba95efd3f3ef97d0e9b721dde58dd83c79c4eac6b6f8b08e9fb792462089a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149081 Malicious code in ursa-xerxes-betelgeuse-semantic-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 486ffdc34eb6aee276dd8cb1becca10cf998b6e3f73a94f7fde812b72734c913 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142426 Malicious code in farout-sync-regulus-node-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab15b377e01838c81e48ce3e12a9f793df1cf6f08a8352491c27361e3411dd96 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145332 Malicious code in nconf-ultra-phoenix-kinetic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23544b478756bcc91654d2d0acd95386311f1aee22d1468ec6edb87ab4e4412b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143569 Malicious code in indus-mini-css-extract-plugin-mysql-jupiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60a86d37654c305f1ca7d6d2332f990117367cfff2ea43380f8079134bdd6b73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jabbah-aether-heka-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be60625e4315cdb6c9c73d8ac61b43d26e1c358e30d28b381c9ce97b78e7a6f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143511 Malicious code in ignite-cosmos-nova-farout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bdddf260c4fdc700866bb9a9454dc8bb26b7025a28c621db874b244adb44c16 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143284 Malicious code in hercules-ganymede-geckodriver-spawn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e914d6e241186d4d4fffda8309b72549ac5b2e3b99f0988811112760f04dc348 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144418 Malicious code in link-ora-loglevel-andromeda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81750155f6317d515808884158c0219879bb3a01bfd1e4f522848f357c7a422e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142030 Malicious code in enceladus-less-sequelize-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87dd86c89012f1616e0a7032f0186a19eb0fd1c205b97a3e6905c4d23d66e9bc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146192 Malicious code in phoenix-achernar-nightmare-eridanus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86f07447b95996044d818408fd7d4494a3352f8ff4efff391f36f14aebed84e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in auth0-event-winston-alphard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eca62e2d6414ed0efda22dc45da9e9f2d5b43e9efcbfa092dd84761726126c51 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146372 Malicious code in polaris-stop-build-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60a373d1a5eb1fb842a336b3d3996d1ff50d85dbdbcf45ce246eec4e06c9cda3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147318 Malicious code in resolvers-bellatrix-jsonp-public (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85843142028b8d29b219b1af7c43c167dc226099b6803ab77b73bedbb4a5f9b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143775 Malicious code in jabbah-despina-ganymede-indus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c08487eae01616838ee0af25f1ec0f33d36b67a802b28b68bd65cce837dd8369 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143227 Malicious code in helios-concurrently-cordelia-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37d1a61aeaa8f56ede95ca5d882127a27805052f7d01472844a30ff0ed9d2c4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...