MAL-2025-145785 Malicious code in octans-venus-fetch-capella (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7185ffd095e4f4b31889ffa376123541f96ad34c8939f74a4f4ab17f5905aea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146832 Malicious code in pulsar-gacrux-geckodriver-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abcfe120a273827ad98cab31f158c503440f5d7151db9b0197fc91b9452b268a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cors-antares-kastra-blaze (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80905b19348dfe1664b0090e7c37f23b84afb3cf803191684c8a5a86dc2daed1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in norma-antares-react-bootstrap-weywot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cba04a759870f861ae77433b3e92b040853659b2a6f06f8e8d118c3e476f9e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nconf-prettier-jekyll-jasmine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1193615f9567405da1dc0cc9bbb83540714d24ef80292fff0db89a9eeb5db08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in testcafe-impulse-auth-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64732d5d350c59fb14734adda2ccff709e55376ab5ba173f1fea28934181bf73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ultra-exec-event-miranda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 441716421f5d5b913842f86b85b33d31d07b792fe47e55353a179bfa02342063 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sirius-antares-quito-meissa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb14f1e0ab037152d92b6e9a004a7710057e78b13dea45ab58a2b501256a79aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in luna-module-polaris-farout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 292b22a04e5c06ed11440c18bc5d5e0de585f99420c30f90f179b1222075e8ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in unuk-sedna-cross-env-xanadu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f46ecc9ad12a0b9cd7f2d3eb400ba8eea4dd4bf8faeac232d404afb24f07801d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in soap-cross-env-norma-subscription (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2dcde442e52494a0d5949946845e37222d813bdb63b6a6813b215dc978dd951 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in npm-nodejs-umbriel-buffer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21c976dc4e8caa65dad055cd3ea3b6bd8738c7eb21895548d493f81de4dcd32d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in oberon-apex-react-bootstrap-json (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1970fde9afcf4aed637d9a4801d60378c96b21ba6bd3eaa788e07cea42a98164 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mongoose-jovian-prompts-bootes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adfc21902cbbe288d44e67e91822e196ee14eb461970003305eba5225b5ceffc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in loop-xerxes-markdown-fomalhaut (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caea6f928ba904840092e84e5064e8a5fbe2307bcbf6aaa7c91b07e264cbb141 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in loop-xenos-config-pegasus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 572238a84327d4cc87f954bf26a61102ae7406d29afd2f45bea34c346d2ecdb7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in link-aldebaran-library-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbd34c4804052e58bb8e2171574f6fa4264bdf835fb2a96269a81208d7d5314d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jabbah-hapi-eslint-config-centauri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e9b0ecf467e4e7f27d78ea151d34cd5034fc94e10302afbc83903eab71ff875 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sagitta-vuepress-delphinus-init (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41d367d8ce198d4ed18d5ae4e74bd0b2fee094c74ab6e4d57f7c7b2a7582cbbc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in venus-lyra-fusion-janus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5a721ad8bf9d0f97cb49ca80516f83abcfa1f369087036d75d569062d51ff5b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...