MAL-2025-185421 Malicious code in aldebaran-regulus-bellatrix-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 466d3ed4652474b926cfb44ab27373bbae126cc4d987b1c672274fad890cded6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185694 Malicious code in await-husky-electron-builder-superagent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a86a1bbe4cecbcb8f3590b941a42cef3a87592003a2e822f176e34decbd8f04a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190406 Malicious code in xo-indus-procyon-indus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 127166ed7ac52806beb38f75aa00eb00ab30d661f9b3ff074fdf4d093831f339 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186972 Malicious code in filament-tethys-brane-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fd79b06d69f04ea8b0388bfa6ca124a65859009529152dcd4cb8413e3089e76 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185655 Malicious code in aurora-nodemon-whitedwarf-indus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd97281221fe89d74fd42bfb63573c9c1be04ca2dd3dff73ddf81fe566bffadf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188263 Malicious code in nextjs-google-transport-markdownlint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c44eb151cbcb09b201958c6f74871e720931d3f659375891dfd01e8250ce544 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in event-miranda-rest-semantic-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acccf89c905da91626d03d95cb26599e6d673600757370009e4ae8d8b0962900 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in async-dotenv-pino-pretty-odin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c3d4a572f76bbbe274534a67699ee258acbbf21283e21f9c8957d006040376a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ceres-petrology-callisto-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ef236e8eb1b727325a3aa33594675cd45f7056b4eeb66de2ec6f4c3717e7eb0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in duplex-parcel-nodejs-membrane (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa06346c89852e6b9c279cbd0b49045bb71d5ff9157585fa04bc9c20fbbf44d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in elektra-bellatrix-neutronstar-spinner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c4f90b5692e853c91bc5bf63fb6ee8aca89c7b606140be3793dc608467693e6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in equinox-passport-janus-websockets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3f11b68e3638d03fabface74d4eade1bc5f8df93eab7c0a224d47b29af1d9d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gemini-fornax-commitlint-rest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82bb46f3ff203ae75ff16f3fe07423446d548e769f8914e5a85b752673724382 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gemini-ionosphere-superposition-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d9915da48474b9a7fc365caff832585a7c79e69a676a479e6add1449dbf3314 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in geoarchaeology-sagitta-chalk-husky (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46bc927471dab8293245039be0832db1245124759c8766ad7d47fa4e60f26052 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hapi-dynamo-archaeoastronomy-leda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54da22c800be5c89bf0fdeb32b9a7a594ca11b7090f7e046112643b481591db4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in helmet-neutronstar-xo-xerxes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 581f8b3bbe8d1d6d256b170ebe95f9b25932b9f70d22809d6886514f5a2936a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in materialize-cache-neptune-cosmogenic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85ce0c130492aae3151f1a9569559e73ddc5670f78a3a142e9f6824e03610e1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in morgan-magellan-public-envconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2a4010d8bb1de8e155f1dfe6a934c3701b7769ede92845ac847a3ee42879e16 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in npm-global-sublimation-augmentedreality (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ddd49961f0d54ac7944b8c564af29d8e2be7f5aab114048fc3a52eaad56e34ca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...