MAL-2025-185682 Malicious code in avior-atlas-draco-websockets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a791d62990ebf89a04fbe1533307e4dce1c2a0f5b13b29a8e03a05b77a2226e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in karma-update-slidev-websockets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f438df7e0802c318d23f75444f90cde1a604206a0ae49a7dcd2e295be9f2e70c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in grus-private-quark-prettier-plugin-markdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d16e13dec01cfb2b4640caf03ff44b0bc81c7783aa0631bc664936909d63ed3c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in levels-eris-ora-hydra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 396eb7d9acfb07e0b4d45bf71b3a83fb17f984b821fe561d455530ef55d0f946 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in multiverse-pavo-dependencies-enif (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5bb86e4fc7d6abeeb8acfe3062856a25e160c76e9ab903a8caa83445b6660ee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in loglevel-hyperion-bootstrap-mysql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3637624f4dc1c51c25b26e76227b5d808fd156ab28fec3f880fab3b549f18a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mongoose-convict-kaus-thermochronology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b09fc991ece735c5ad822d0852bd88f8995b904d918263bddd714059305096 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fusion-steganography-tachyon-exobiology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16231dc3a37859ca38718acbee5374328b5cb6a2a4f63bb4577fc051dc2be239 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in chromedriver-hyperion-isostasy-cz-conventional-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bba21800fecd9e38da48ea31cc273e421e261933c1367a9330955505b5dcb97 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in radiant-event-bootstrap-geodynamo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d884f8f8fe69d800ff13733a4da5865fd63f1846cee21ddf7997124ae41773ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cryptography-cross-env-google-yildun (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 919e037d7178bbdc5cbd024f17c6cf5bb23091ba301945f2431560076af9bd8c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sedna-semantic-release-meissa-winston (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23de4acbd096d7b2e9443bc9c267dde65252e7ab561fffd7d05d00627a2595f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188944 Malicious code in publish-airbnb-changelog-archaeoastronomy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ba327f3344b387071a4396d178c7fc38bbd4e9fa76c261ec5c8f657092af621 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190027 Malicious code in uglify-parse-socket-new-error (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 793ec543bdbe976b0f5182752f5ddc02ebaebe2cb361ec798fd818b5da6cdde9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190476 Malicious code in zero-warn-char-class-visualize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0376845ad9063bf0f2b9376d50533a063b2619fb2337449648758d04568b0433 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188155 Malicious code in mutation-local-archaeoastronomy-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98ab62bb148c77dd2d5c67896079fcfd49954b6069a61c7291227b75beb98678 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188071 Malicious code in miranda-fomalhaut-apollo-cz-conventional-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f0159cd9626a0e52af757ba48b3488f9f060a2af1756b874ecfbd0ee5361b71 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-181721 Malicious code in astam-ifut-daoba (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0eacd1c16aed478032e64183fe74dd98ba2f6e50125f39506c07a51c6f1b3553 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in imodiov-kofi-cuidcmng (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03fc415675185f66111175dbce1f15fe7ffe28032015f8fc77487a2a7708c0f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in modiov-kifni-ufavcseqinuban (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 113e9ae876b6b3534e3d1de5440858be0fc9df83736c9088ff35defa30f66060 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...