MAL-2025-143318 Malicious code in hermes-halley-semantic-release-rigel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43f4bf20a63aa1206c571e19342f1474a9c38e5a1ce3b738b8fa656461386a13 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145294 Malicious code in native-quito-venus-semantic-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22cd3182705b88c0e14381b43792c9118b4bafb5d433ada79eafddb31bd3afa5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147076 Malicious code in readable-astro-npm-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c647e05dd037905883f77cef6440b9ac81382f0ede90b58ede2e43bfc6a99a88 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141837 Malicious code in dynamo-sequelize-hermes-playwright (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2e59e09926ad401601fd6a02322162da69959133ab0d2524b3a52697d3929c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147290 Malicious code in request-cordelia-cypress-spica (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e66fb1c730dec97f29ade6b1d6795405786d119efa2bdade8c8b96b568991474 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139252 Malicious code in airbnb-colors-sync-hapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7fc7d0428c018b9d34e73281aa3acd0df3ba2771cef2f568249f03b9b919a9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in grunt-yonder-deimos-aether (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 657c6e0b8ba9c37ed100526ce7ab1585a7dbf6b20cf7500fef47c4c6d1dd1625 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ophiuchus-enif-scripts-prettier-stylelint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03a88a2d92d1bbec97dec9e6e2c4653bf050e9a037ea9989b88419bdac73c4dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144549 Malicious code in loopback-framework-loopback-janus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7b27e27c7246783d05331bd95e459820ecd9975b3cb5f76e1d50febbf6d07d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148525 Malicious code in terser-lacerta-fornax-meissa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ecaabf67e4ca63e7ed7cd2efc1fb0825c047c0992c99834e76ac9cc4bc61a70 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141611 Malicious code in despina-winston-optimize-css-assets-webpack-plugin-ganymede (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0e0f37ee094b8b166260740fe127d4299bc7ca81d422620f1610734025e8e2f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149427 Malicious code in websockets-solis-eslint-plugin-non-blocking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 127e7780d8d19e0da2569909fab63b7acd7c8241049ab9c677f1c1aa30604d2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148311 Malicious code in stream-bunyan-selenium-fornax (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bbf6cfd3f3b1fe6e04e80d1120452bdc3262f19277791c0d067efd9c340506c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148971 Malicious code in uninstall-sync-apex-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 189409f4dc200c6e26d27168dc6d08f0262204ea0a085b6a5af402e6a94c250d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143238 Malicious code in helios-procyon-acamar-andromeda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b1c78fe3d841cbc1ffd9d974980201998e5adecf1b4254977630cd35006ef5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in magellan-dorado-puppeteer-gatsby (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f3238269c2f191b403634981c58aa5ffe63bdb37c7dc0633c090a4c8b8d264b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sagitta-quito-norma-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eee947f96603b2eccd772524f01f17bc2300762074cbc270bc6b8bfb89dd1cc4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in avior-semantic-release-prettier-cz-conventional-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad1bee846b0039c60e0e0057b6c29b031b648b21ebbe632243dafe96452cfc5b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dotenv-safe-nestjs-jest-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66ed3cd5df3b5322f2a5d0825228171b515a648d59576428600d2715421605db This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147059 Malicious code in react-bootstrap-europa-postcss-polaris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 190857e6da478036668ce13c9034e9c2c0db6a2eff008b51a0e927f06f540e92 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...