MAL-2025-188819 Malicious code in primatology-paleoceanography-mineralogy-wolf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a547564613aed99a100963bdf0b3057b8aebc1084ae8fa5995b7d4b59157fb20 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188694 Malicious code in pi-compress-grid-class-fast (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13a6d671c689d2c3dfcd0d0dbaee3226495d7038edcc575e8554523c622d82ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in local-terser-postcss-loader-eventhoriz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34b65bfa47dbfe04c6f4b072ca313e3d49adb15a955a7b43a2c1fe3e2dee460c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in config-ophiuchus-levels-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d00e2b33ecfe6efa1b745f3dc70eb10dfaf23b6cf9dd3ef2b8fa29f57ea8fd01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in antares-genomics-grus-planetology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35bf64f67e83bbddde486bb7b751b28499036af81c5344a6d53672bba1765624 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in commitlint-config-angular-init-miranda-luna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a99b354cc0e80cf5bfdc8e125674477abcb0f262775850a536241b2b90e9e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ariel-xenos-dione-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db83500cf3a16dbc3ca0c22ba4bff36c9de611ba6a892a7bc8283db3e81e976e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in awk-node-public-interpret-cron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e72184d33130eb0661746bef8ae65da6a9d81b8319bca387ad8374ec909da7c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bash-serialize-decode-grid-sudo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f77e4d6d27883a5416570e199d67bddb626be68458845c00ac83a9c839b6da5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in betelgeuse-nodejs-hugo-flare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efd615312860e6e2a3a4cc57cf701c017fa4ecd15d5001d0580f63e6e71e942e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in brane-pm2-isostasy-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa01e9199e6ce6222722eeb81495ae737caa2187e43015eef4a82c33f892f6af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in catch-daemon-mock-emulate-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be4424acb56cb398c60eef12481aa28aaa4c0b92ebc9e818fc755add92f63edd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in class-kernel-lambda-void-try (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f07d1b6f4250bc7debfa02f88d961108d6e01a100297ae64122870d4c9302a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cors-centaurus-electron-builder-galaxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector feeccfb1d261c6ca7989d2be6cee1c0b020d5eaa19f8a9d0e008e8d47573304c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eslint-config-sirius-run-script-sublimation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78a80afbce79edd35b6742c49c7370920da3f1a0237ff091da1314fd7828be10 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in express-superflare-antares-loopback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e7a6ba17312913867557019313b03b4665a5d4e5fa65ec12316140c967ff809 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fast-stack-tau-execute-hash (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 137b84784289328d3b9ba7b56948392fa03badb0f041d479bfd6c1126377132f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in grunt-ursa-cosmochemistry-xenobiology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58bccb17c4b674e6159db53f27bc72f3b0aa547f2c6e40f0e3c61ee22969090b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hash-table-enum-debug-unix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92e9db4a5d7ddd918c7c0ee403554f86845cb7da929c3225fcfa88c84dd5d61a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in link-loopback-hydrogeology-gacrux (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da395659e113c0159b3a1ffa62f95566815334d185057840f3d59b3c5e74e71f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...