MAL-2025-186640 Malicious code in draco-hermes-betelgeuse-auth0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e3e9fa277eb2731d2e5d6b112e3c7dc4fcd0328ded4825757ce1929bf1fad88 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185475 Malicious code in antares-superflare-transform-blackhole (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfc769b1580800f4ebc00cd8783e50ddaadf96f84d38a38a02162fc2ce41da4c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186477 Malicious code in dagda-tectonophysics-materialize-astrometry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04d94becdcfffe52289f147971a2e0a66cae9cf2667f79896b09d344f352231c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185464 Malicious code in antares-cluster-ursa-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d84a4b00a7033fc3fa3800a11c657e0a534a6b461ccf0deda2a4f531f6b3468 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189029 Malicious code in quasar-capella-bootstrap-kastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0bc1b439777658c1074981b53aaec6921f57e4b6f74d04257402b16d4c5734a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190328 Malicious code in winston-adonis-dotenv-parse-variables-dagda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f796a64813b30c1c12b1198d74b70b219329a69f9abb0697a70bb9cde818dc7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189350 Malicious code in sanitize-sed-transpile-analyze-sandbox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0255f3ef4a6d499d802e5dd3e1c3ed31caeb68c77cd945be657b3bf65f132070 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187115 Malicious code in ganymede-volcanology-meteor-andromeda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 439f5aeded04421261b5e44959256e95a019859e49ea507d43c2521ec92cdfb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187129 Malicious code in geckodriver-public-paleobotany-telesto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cd54efa4724d44aff0fe9aa5a62b9fc47072ffd0871a2d90ea2287aa4e62776 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189276 Malicious code in rollup-plugin-start-galaxy-neutronstar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6f6f9ff2255f568a5fe51812bfe0074491bde1fc7e58142a7d271a74671ed39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186158 Malicious code in class-debug-private-decrypt-slow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a04a06a34b2a6897164af73ecf02e450c652a316afea2fa8968c84edc0726e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mysql-quasar-nodejs-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ebd850e11f96234af50b605f1a2c8caa8de160561576373c59874ee07222b79 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in centaurus-miranda-meteor-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f9dfde358d6a071c63d8cd5d8c57a54d7e60b2c7c26ccf05411518e4daeeb61 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in async-proxy-dog-refactor-nu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78283fdf99d15a789e89ecf764e0adce1a1d5dfcc1e09a6d26d5eab8b9f4cc58 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in moon-new-cloud-mu-cat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7213659a3b8201c11de4613fcf1612a6f3efe3bb58d2c69ab5633e9f00655521 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in electron-builder-kaus-non-blocking-europa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc97f9ddff3d836878325e761ded0213655d4240acbfa676ac68ebd722f29c61 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in darkmatter-pegasus-optimize-css-assets-webpack-plugin-andromeda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f5049359bccb7733c0fd183c777b326ee012861cd33a678a63ef401518ecc37 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in levels-lacerta-entanglement-entanglement (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16642552a6d597c86591a4a1cbb8f43b1ad3684cde6618a09349b8f72810b1d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in elara-jovian-dorado-biogeochemistry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffc0a55b1c53c1fd2c1886e27d908c9c4f143b5f167960e36e22de36e35aeb7b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in build-eleventy-deneb-gemini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e60f9254d7e112b0cafa3f70a3f75b052568cb6aba5c5b36c30ab0558c2b06b2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...