MAL-2025-142436 Malicious code in fetch-celeste-link-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecd7a1846ff262e5c7b508f4b84abf81c837205c5ccd7d9dc7f3b32ee0d35ea0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142787 Malicious code in galaxy-centauri-iota-eslint-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a152542847fd6e29764406706789bc7deed6adcdaafe04f284d237d422af5695 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139628 Malicious code in async-json-metalsmith-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d3de2ede2b17ab92f94ebfb9bc3a04946b83f63dcaaa1578e8dfc673d1438ca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146571 Malicious code in process-spinner-node-config-meteor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10975cf9d208a454c4ec8cf4c7efbfe081c6fb8ff9695c78c35d806391226c26 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141446 Malicious code in dactyl-lint-staged-achernar-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f920ff036cda7e2b9c2eb43fd7bfae957bee9711f69f147fa6680168f03ce46a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141827 Malicious code in dynamo-jwt-figures-convict (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfd3975230bea9be10d63c55ca1aad40d879ee3f650bf54db20e9824353ae13c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146790 Malicious code in publish-jekyll-miranda-exec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6feeb4b563ffc117fcba1336c759485b16a38dba134d42144cfb8a11dfde6d47 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146320 Malicious code in polaris-alphard-sequelize-atlas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7988b1f08d0bc2a590a8e320ec2c4eeee3fd6b264506c79c02671ab18b9c5481 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146262 Malicious code in pipe-dynamo-nodejs-stream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa9dac7feb2c94e2e98f30abb6178870ede5b7ff4102a2d06705e6c6e7f5490b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143284 Malicious code in hercules-ganymede-geckodriver-spawn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e914d6e241186d4d4fffda8309b72549ac5b2e3b99f0988811112760f04dc348 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143227 Malicious code in helios-concurrently-cordelia-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37d1a61aeaa8f56ede95ca5d882127a27805052f7d01472844a30ff0ed9d2c4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147874 Malicious code in sequelize-neptune-await-metalsmith (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abc82087e1ae03780085eb9f9224d3323f0d27a4b7a3782ee393c109ab082532 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144800 Malicious code in meissa-cordelia-ursa-bootes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 131c53abda90b59bac2d95c26135113d7fdc21f8cd455eef5df21ac017aa8f5b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149227 Malicious code in vulcan-concurrently-webdriver-mocha-grunt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02af8e5f5322a6dd20faee018c741ee859aab71d39ab4c17c10a576073f4f1f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sqlite-orbit-xenos-heka (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c86265633b4b5b2fd5f73dca2afde3e2809e8e36c6b6783188ef1057a4bb075 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148767 Malicious code in transform-lyra-run-script-cosmiconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bbfac3d27d5e5585da3acb64aa34cfa3abf68b3bb6b10150c197fca788b64a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142153 Malicious code in eridanus-nightwatch-draco-convict (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 897faea076021827c61bfaaf49e286cca7ae17bae43b9fff7e94eb35c29e8b52 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147719 Malicious code in scorpius-umbra-electron-builder-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 862a2349ffda24c475fb6b50662ed3b2a243d7c9031ce530c284e46c5f71a68a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140552 Malicious code in centaurus-rimraf-install-rollup-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a20fc42722644aab92bd2ddc6bca3420470cac4cf0326c16962a9a81849fad0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146372 Malicious code in polaris-stop-build-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60a373d1a5eb1fb842a336b3d3996d1ff50d85dbdbcf45ce246eec4e06c9cda3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...