MAL-2025-164521 Malicious code in prayoga-poke24 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a62513a7965543020660a935d367adf8ecf9b9c84fb07dfbf3064c615a89e53 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cache-xerxes-upgrade-hyperion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 802d7a7f0ae8fc2df51dbbcc7b9cdc31fbeb2dd2584a21fc7a4905eec8e8f72c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cypress-unuk-helios-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4494f554296131e81f71e10c287e9872f5e5f8d04ec26052b06527d853f2d90 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sirius-repository-yaml-oberon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95beddb139e3952dd262d123f7bac8e6fb2dcd0a25b82d6eea52b3c55bacdb52 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in janus-jekyll-parcel-dotenv-safe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e089175016e2fd98fcc7c70267365ac25096a7d0e92459ca5ba25280086f96c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in umbra-fomalhaut-cypress-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21e610ac0879d7d61e6f41f0587dd9f753775a9d82956e80f4a8a486ae1f56d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in remark-dotenv-safe-betelgeuse-testcafe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f67536623e6020a2084816b1ce2ffd1af360a6738503293222726a849783479 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142804 Malicious code in ganymede-impulse-dotenv-parse-variables-nova (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 465e2d206b79153b87e7ee11c402e73cac24432e0d5be4983711cc105753fbb5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142681 Malicious code in framework-eris-nuxtjs-grus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b65351c6929cec60563f9d875e745f9066af992685e01872ce292bf993c8ba1d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149464 Malicious code in wezen-nodemon-spica-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77ff6b3eca8f27c52994004cd463f9db40fca9bf33131b79db34028edd8dd2be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147339 Malicious code in rest-andromeda-ora-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8a92c88fabf7123e7ffb64c069cfb3f6a546e509857b2531c764b7e04bf9748 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139923 Malicious code in bellatrix-antares-halley-ganymede (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7459668e9fdfe7e25259ab0a5378deeef5aab39f018a73af01ee396aa5f1f18 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140729 Malicious code in charon-pegasus-jsonp-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82efbf0050b8e5d9394494a4d5e819a5bc550e287d785c51d7699688618a277f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145742 Malicious code in oberon-centaurus-eclipse-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab928e91bad85f7e109af50b8b181746c36455110c206e998eb3ec3cb8fc7a32 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145999 Malicious code in pavo-hugo-winston-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bfdf061a2794f8911e73a0f36fd0d80603c5fed1800c355ddc0f4ef97e5a82c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149383 Malicious code in webdriverio-sails-perseus-umbra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f54d6d3405988939147e15ad93363602512ac312efbbdb733e39a2f217639f2d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148988 Malicious code in unuk-vuepress-sagitta-taurus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf436562229ae296fff8ff03e66e905874a0ef00f71b4363677a2245ede05009 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141610 Malicious code in despina-ultra-antares-adonis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 819cb736fabedda7870c12df38f766380a63c50b19c79037d869d48113023350 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147067 Malicious code in react-bootstrap-mongodb-phenomic-google (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a578d2d7e5537e4e062495c0e294002661cc51aeafcd9ea38025413e2c2c4dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148054 Malicious code in socketio-geckodriver-child-process-exec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 992519d57d5eaddeba7d0d897fcfd3a9290cc2d2f620518393717a638329adce This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...