MAL-2025-149882 Malicious code in zephyr-charon-draco-antd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74ed338c2debeeda0e1406d49dd402a5cca90b1cca0aa88d2480ec73c64a6d2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147071 Malicious code in react-bootstrap-polaris-prompts-duplex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70ab5c4a923aa2e466ecbc96e0eac3c8a5009b0e4895c85f60cfa56187d7f5e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in janus-jekyll-parcel-dotenv-safe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e089175016e2fd98fcc7c70267365ac25096a7d0e92459ca5ba25280086f96c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in umbra-fomalhaut-cypress-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21e610ac0879d7d61e6f41f0587dd9f753775a9d82956e80f4a8a486ae1f56d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in halley-vulcan-nightwatch-nashira (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c5ba8459812b58b3adb0a734a6bc6f6acbcea1e099036c9801ce7b9bc035bfc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147791 Malicious code in sedna-request-epimetheus-optimize-css-assets-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7cfc4ec996afc99ef0c7286e1d678dabc38dbb28ae29ca34a2a35855556cca19 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141723 Malicious code in dotenv-parse-variables-gridsome-alphard-draco (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 628a27e67aa9b7cf1b20fc8c732eaf132e775a099842505ee4c045a2d1c99569 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147129 Malicious code in registry-gacrux-heka-yonder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da988ac05bed7c870b67b3a2195b3e1313acf9eda1348088471a4806c0f16796 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147688 Malicious code in schema-arcturus-relay-hugo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf17e4c24c9b9e673c663e399ede376f3d5a92e1c679fb3908cadf2fa7bdf2cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145339 Malicious code in nebula-dactyl-meissa-postgres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01fadf6c26d618a6dc56352d25d762925947927db5f5ea0134c63e3dbdf0bb2f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142074 Malicious code in envconfig-halley-despina-barnard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48934d339f8bef386426802ada777ff1e8a39e39111d761252b18c165fc55ccc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147008 Malicious code in quito-websockets-aldebaran-oberon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f2c0e4c6679ae7c3900d74f8599fae88292ad7ff7599639ac76f3bdf64e5c77 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144917 Malicious code in meteor-janus-await-airbnb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dc9b9ed01714f5ed46a16d16f8f9fecdea619e151dd7ff7dfb534084044ba4b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139342 Malicious code in alphard-test-dactyl-buffer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dac07eed232bd602bb75c1b252ee185d4d14cbfb07298839ba8056d35a032c7f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144523 Malicious code in loglevel-xenos-child-process-zenith (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89afd7046dc02e65e205937635f26c7474c3f5c9ba7e19863cb1fcd4455e0cd2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148569 Malicious code in test-css-minimizer-webpack-plugin-betelgeuse-rollup-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82a458dc1ac56e93a769b5ee12b7dfce2a272d1d772247ce5792ae25d97b27dc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149676 Malicious code in xenos-framework-semantic-release-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bcfb6a70cc74a7a285327bc1e80fd2bde9efb27de6de8ace88cbb4fd7376aa0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141764 Malicious code in dotenv-safe-non-blocking-bellatrix-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23f3a0f41e22eeffe8e03617d54458f2fef81c61cb1d871598a3c4f76542fc27 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144593 Malicious code in lynx-install-nightmare-private (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1a2c2a613c90ca0489c2936c1fe6fb8e684de8d92be0fbe95bf566e4f08e45e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139401 Malicious code in antares-cressida-astro-deimos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a083a2e240bd569f359ce0153cdcd1078b75e23b0cb92a3fab70d2aabb5c2194 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...