MAL-2025-139199 Malicious code in achernar-hexo-betelgeuse-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22485d24156f5b7a844676474ff062663cacf70de836551462b306a1bc5dddbb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143644 Malicious code in inquirer-cosmos-sqlite-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62bc7f48dbc1cbcc3b88ab693e3d514765eb32df9b7bd5a8c673dbe9e7371df5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146366 Malicious code in polaris-shelljs-jekyll-sails (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de091a3968f27ce74c81fbe514c2fa98c46ffdd8b63a1a10948c72140895732c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-120854

Malicious code in ursa-shelljs-buffer-rimraf npm...

EUVD-2025-122008

Malicious code in shelljs-hydra-element-ui-supervisor npm...

EUVD-2025-122010

Malicious code in shelljs-farout-indus-version npm...

EUVD-2025-121993

Malicious code in shelljs-ultra-venus-stop npm...

EUVD-2025-124010

Malicious code in orbit-pegasus-sync-shelljs npm...

MAL-2025-147927 Malicious code in shelljs-sagitta-forever-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8520a636888d2b5c6bf4dc6d1cfb48b131a6cb2490a7d3d5ada301ab554f0e6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-122666

Malicious code in remark-shelljs-phoenix-sedna npm...

EUVD-2025-123110

Malicious code in publish-schema-scorpius-shelljs npm...

Malicious code in delphinus-ariel-apex-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b947a9067e09e6ea0296b684556baf143d2ae93eb8a8041dc79efe79f7e54ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in quark-colors-auth0-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33ba7f415d5cb37f209299599f124041b0707adad331912f2dfd0d7ca5470e4b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-112469

Malicious code in inquirer-cosmos-sqlite-shelljs npm...

EUVD-2025-121179

Malicious code in tool-proxima-shelljs-corvus npm...

EUVD-2025-122009

Malicious code in shelljs-heka-sass-loader-gemini npm...

EUVD-2025-122006

Malicious code in shelljs-jabbah-prettier-triton npm...

EUVD-2025-115822

Malicious code in cache-shelljs-europa-kinetic npm...

MAL-2025-146738 Malicious code in proxima-shelljs-rate-limiter-standard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b3dc1868def93642482dc1cde7445a3203c79d579a7682f4e895658766993e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in shelljs-ariel-ophiuchus-sails (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 693053840c257ad600fff44f093b29ccfea20e6067e1597aaf6f8e47ebdb03ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...