MAL-2025-145861 Malicious code in optimize-css-assets-webpack-plugin-global-titan-ganymede (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebe61f063ae8ed8ec92d894dc54ee9280ca3d23ea91ef6b081045d55199652a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141779 Malicious code in dotenv-safe-transport-corvus-hydra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d833eb99411857bbedad036c317ede897b63d5919e73e692817feacf64b3549 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in grunt-geckodriver-puppeteer-optimize-css-assets-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57bc6f143e9582b48754cf9d7909df4b782c45d7c78a1fd54b06833089bb3c88 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148413 Malicious code in sync-adonis-rate-limiter-command (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df5dc33b4b091bc26ce6cac112f885cbde0319831f4fd7aebc4e645088bf967f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141817 Malicious code in duplex-perseus-local-repository (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c89edfd1d9823ff5760892e24d7c7e222e5826fe1bd7fed01a812dbdef635600 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146186 Malicious code in phoebe-vuepress-magellan-spectron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55d4444cd67ec059751375883091c0d13009cfa6abb9484c13bd82a6e3c269af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141764 Malicious code in dotenv-safe-non-blocking-bellatrix-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23f3a0f41e22eeffe8e03617d54458f2fef81c61cb1d871598a3c4f76542fc27 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142437 Malicious code in fetch-chalk-mysql-ganymede (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4eb1790d821ab22ac99c85478c2c0c64e0fa842b8042826889b140dcf3a613c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142224 Malicious code in eslint-pipe-rigel-websockets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 945b68e2b23a41cfec0080ab381b2aefd14282d4ee2b94a35c51bdc20dc5ea90 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148958 Malicious code in uninstall-helios-geckodriver-cressida (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be46e5e736ed22f6a90e0fd254b6547b4d2107f80b556b56dc10936c3ef7b7df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142435 Malicious code in fetch-bootes-concurrently-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a73770f8dd611198563c5d0eae11af04fd9b01fbc2d8ab53e3b77989f6c6ac36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144534 Malicious code in loop-scripts-koa-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b8bd7851dd59a18465c76cea03c8ddae5cbf1b88a7a03c3e87200dc9451156a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148553 Malicious code in terser-webpack-plugin-impulse-inquirer-europa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d74331383fd71651f9cdb11492c213881425ef996a503ea374ee428fd199ffd5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147008 Malicious code in quito-websockets-aldebaran-oberon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f2c0e4c6679ae7c3900d74f8599fae88292ad7ff7599639ac76f3bdf64e5c77 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148569 Malicious code in test-css-minimizer-webpack-plugin-betelgeuse-rollup-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82a458dc1ac56e93a769b5ee12b7dfce2a272d1d772247ce5792ae25d97b27dc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143242 Malicious code in helios-vuetify-deneb-nebula (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9018411a1ed02158055570dc48502874efbe84da714416b032412d42a6186f43 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144523 Malicious code in loglevel-xenos-child-process-zenith (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89afd7046dc02e65e205937635f26c7474c3f5c9ba7e19863cb1fcd4455e0cd2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142956 Malicious code in google-backend-lyra-ophiuchus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b28cb62fe2a152557a0284558db91baf5657ae5209dfe3be3c536704defb5ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147763 Malicious code in sedna-despina-pyxis-gemini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d399d73429d9ba27cac764fcba3869ce6e10718127ced0ff53bb89d9614c692 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139687 Malicious code in auriga-remark-carina-npm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d619960298efd7b0c006a1c7b634137ff153ebb4843daa952880dc79c3f0efe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...