Malicious code in leo-connector-mysql (npm)

The leo-connector-mysql npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

Malicious code in nova-quantum-protractor-commitlint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42b35d5356afc081638f9e5562655901df31ef1d90eb6c13779454805d9ab8f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hapi-protoplanetarydisk-halley-aether (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14eed49e06d77509c188f6aa28a040fdcf9a987da14db1f3667f27101d6633d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in local-cz-conventional-changelog-cosmos-quark (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3e458e633b542e7ffd2b0e112aabcc898fbf435cc944028d735d657c238d16a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in convict-writable-webpack-cosmogenic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d97564ab9fc4db43f4230b9d93ccc412d62ff1b73b25e6ee7eeca8c3f4298df7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in centaurus-farout-html-webpack-plugin-callisto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f90a93fb08acfd5f7fa33fa6b6f7fc638d17fe538b4201be97e4fd9c7c056b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yakutsk-luna-nova-triton (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1247a887e7b5c2f9fd964d4f486657e8b0b2f0cb3db19d32b6971e95515ac6f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in grunt-ursa-cosmochemistry-xenobiology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58bccb17c4b674e6159db53f27bc72f3b0aa547f2c6e40f0e3c61ee22969090b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mui-reveal-md-registry-yaml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76ad89d8331122a15bc7cf5f8f5bff6b20a31ed3a2ccc02e5573a1f7b14248ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in multiverse-carina-boson-fusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76a771cf283fb9950e43b2ea7694717add47719ecac98d5e7cee380843483edf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in corvus-darkmatter-titan-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ee347a8414e37c2db0dd852e5fcce8e90db1d785146cb6c111173d9d2a5b048 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fornax-jest-ariel-spica (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector feb0d79504b1094ae1204fe3e8908bc1eb45f16d9f0a89e03f7a2f7fc5a0d796 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in node-config-callisto-comet-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b5635651be491b5fb17da64d0134d450bb553bf6c11fca9bc7157a5541ba26b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in iota-simulate-optimize-tree-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47c722544b9359bb4bc6cef7b4fdf6d41f42371b1b8e0c2111cd18050e5101c9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in finally-notify-table-orchestrate-sigma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3d4ecfd3ec9e536b6f5c276f6a533ced1d24590a4a00d5d059c241e6c2fd05e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tailwindcss-bunyan-spica-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ef7ca0b166720ff7a48b675cb46297e227e219b0c43a8ef775f03020ecc2363 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in centauri-protractor-biosignature-supernova (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 739d1638844b716e95db11ffdb4027dd1942b8a1b956ef4531dcf9888bd02986 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in framework-writable-dotenv-parse-variables-yonder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a47bd46b4ef5b2101952c40324d79249e25d9c3a1b697d350ff8724c4e24387 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in visualize-validate-array-hot-analyze (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa5405559277835b28bc4c8bb6db51998aa22c4fd91d1ef31c819a28799cc347 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bulma-rate-limiter-nodemon-aurora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 009a5f663c52773985c30c7de3050020ede21883b42f36c0dd75d76534b9b859 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...