MAL-2025-140729 Malicious code in charon-pegasus-jsonp-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82efbf0050b8e5d9394494a4d5e819a5bc550e287d785c51d7699688618a277f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147052 Malicious code in react-bootstrap-betelgeuse-rehype-betelgeuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a48502acfd313350e9d45d87806f205bf7af5f2f5fbf42dae81303c0359192b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147565 Malicious code in sadr-jupiter-jovian-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bc7e063658215b0c112e54f4d6bbd95b31dde9133123195364ac48534b2985b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144534 Malicious code in loop-scripts-koa-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b8bd7851dd59a18465c76cea03c8ddae5cbf1b88a7a03c3e87200dc9451156a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145941 Malicious code in package-perseus-weywot-cross-env (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33c0da3948896e0aeaffec2860a96f542c0f37b09b504217c4ebc4ab8620d806 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149319 Malicious code in webdriver-manager-fusion-mongodb-json (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c18743cfd4ff6c9eedea2a8176bfbb837d77317f5737a3996133ffe258edf72 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139628 Malicious code in async-json-metalsmith-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d3de2ede2b17ab92f94ebfb9bc3a04946b83f63dcaaa1578e8dfc673d1438ca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146543 Malicious code in private-slides-postgres-blitz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5375be66b5a308c568af9c49e1f0e9f44a28b23494199dd3e641cb2a0f1f4993 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147693 Malicious code in schema-helmet-ursa-eleventy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49175c5ea031d83e1e3035759c33cd0abdb1402d03075dbd7f0e7f7608649df3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141993 Malicious code in eleventy-csv-envconfig-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef3bc58089df1fd8c787fa0c6b3f40c2656d4f1cf48409ae9581d82d97c9558 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147008 Malicious code in quito-websockets-aldebaran-oberon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f2c0e4c6679ae7c3900d74f8599fae88292ad7ff7599639ac76f3bdf64e5c77 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145999 Malicious code in pavo-hugo-winston-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bfdf061a2794f8911e73a0f36fd0d80603c5fed1800c355ddc0f4ef97e5a82c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148322 Malicious code in stream-link-stop-csrf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de89ad8c3fdaa149d9a03d02efe49afb00b14d81ec4b249c7dd89a53331f42de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140051 Malicious code in blitz-magellan-betelgeuse-equinox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f5f69b47cbf03defc947d8b791ac97a071f76257cf87a5173e97303e7d827ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147932 Malicious code in shelljs-warp-mongoose-betelgeuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6018cc36beddcfdf04b6db21a67f004b60c11db09ff11b6a4015d3b06e4f15f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141610 Malicious code in despina-ultra-antares-adonis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 819cb736fabedda7870c12df38f766380a63c50b19c79037d869d48113023350 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144720 Malicious code in markdownlint-antares-development-nuxtjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 159246d8d4207be330eef63c7841b4101f0e806190d6bc45b2344c63e20bfeb9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148553 Malicious code in terser-webpack-plugin-impulse-inquirer-europa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d74331383fd71651f9cdb11492c213881425ef996a503ea374ee428fd199ffd5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140529 Malicious code in centauri-enceladus-fork-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d5f2869f338410de2308730411a08670b694bd2f33a25c6776b19a038b1dfea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149383 Malicious code in webdriverio-sails-perseus-umbra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f54d6d3405988939147e15ad93363602512ac312efbbdb733e39a2f217639f2d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...