MAL-2025-145222 Malicious code in mutation-foundation-mocha-cosmos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4504dd92274555fec52a11e4209f610f222ddd78d1a95312070a220335e6d8d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149734 Malicious code in xml-relay-jupiter-ultra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c20d6a9cc34ca95f2b1723710465fc3398f80bd0aa4f0419a2f86ed70baae5e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148413 Malicious code in sync-adonis-rate-limiter-command (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df5dc33b4b091bc26ce6cac112f885cbde0319831f4fd7aebc4e645088bf967f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139915 Malicious code in barnard-nova-sass-loader-configstore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1b57c9e983fd48309f566dee903920286b373bc535312593f2305034cd2ad64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141667 Malicious code in docusaurus-hyperion-postcss-jwt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfc5c61627e6280aedbdb49c22147e97245479a467b4b4bea6b57a4b6531be14 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140700 Malicious code in chariklo-inquirer-draco-juno (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d298f0a4427a242bbd1c9209d460665100b4d41a1f01efeb885855ed86107ad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139638 Malicious code in async-vega-jupiter-mensa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c64c3ff0fcaa999f368800299f9e3b6834bddc93d44ffefadbd20b354fdb971a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143602 Malicious code in ini-query-bellatrix-quark (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17868109012618c362d16e0753aafcde22ed72095743ee03fc5cd4f777ae66cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146082 Malicious code in perseus-enceladus-quantum-eris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4345762cf9572c4ca534d0cb8b85a40e1ec55b8a4adf7873feaa18f6e575f5f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148689 Malicious code in titan-oberon-restart-electron-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80f54b199c3e81770e49604610ad75bea2f44c7dac5b78f4cb3c6f6a4ce64a36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140646 Malicious code in chalk-kaus-eslint-helios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4159c0dbbb89b303076efe400413c3f25ca847b455c5b90c4a461c76df3e9ff5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146538 Malicious code in private-phoebe-package-jupiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 982866fd39617ee1fce0dd6dd16c6ce9c1e10f05735ce609b8f0921d02c7995b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145964 Malicious code in parcel-markdownlint-start-uglify-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4558d218085cbba3a719f0a8e2748b8af97f88eb3804a1948c42ee6ce42aa2a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148436 Malicious code in sync-wasat-deimos-hapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b928c8b1e23b0ca5a42a3df176fa0f9a12482797e409ce6bc09d1a8c0636ca86 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141993 Malicious code in eleventy-csv-envconfig-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef3bc58089df1fd8c787fa0c6b3f40c2656d4f1cf48409ae9581d82d97c9558 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146543 Malicious code in private-slides-postgres-blitz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5375be66b5a308c568af9c49e1f0e9f44a28b23494199dd3e641cb2a0f1f4993 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in webdriverio-meissa-zephyr-convict (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 184ecdeaa3917c9291a5b535a0b3fc11bc061913eb43b8f6a9163e3a070e4faf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in auth0-jsonp-promise-buffer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb40a31cd11f675d3723d8b1395719704e6175d0de1759fa6ee4004879d0d6e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in axios-canopus-kronos-rate-limiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48ade41d63c7f9d1622391ff19a184cc9d7b30bf4422aa034da1f374435842c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in axios-protractor-loglevel-warp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52d16a7033d42bdb4fbfafe22f856e5fb27e0364dea6cc4a01772b651a18961d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...