MAL-2025-159591 Malicious code in mand-nofoy-mutu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 298c54e498ed37b8645ad524258a9b1b1eca2624ad98b13a25fb4cc936415a44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-155795 Malicious code in huda-poke2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54c22def7c9da8701bce9b48ef0c8d03ff082fb3462958eb5255f0e08a0119c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-158476 Malicious code in lookingan-nalako64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c11d62866ab6f9f0f5dc8b045b2923e42ba1650035815931f103d26818bb37e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-162281 Malicious code in nokire-akaza66 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 868404630fcc591e57b04620f6113515a030ec272e564102f259afbc1b48ee31 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-150643 Malicious code in @miptaa02/fhfvxj (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b57851cdfd4e14e40aa641c35d71e6e8a298038e12b19563c944ed7e46dcde65 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-150973 Malicious code in @miptaa02/tedgy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6788a29b56edb84ed502c3bd4b0a863ab28cdbefefd769398556b72798ea0656 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-158508 Malicious code in lookingan-nalako93 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 041c22202ca8e0d97ee3572cace72fbc77e487d83e2cc16d19c2419dcc687108 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-165138 Malicious code in riyanto-poke31 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d712134482c7f972c54740b9ccd238a34224cabf3241c11a3985d2a5f50ecde This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-170470 Malicious code in verify-taic-alusaki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8103fe83a0fa8ffdf0cfa702ab18f633e5bcfe00e57407f89b9d896a9c077b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in silly_whippet_gray-50 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a25c2754bac8cc80e2a1d377aa3d43b5fde90dbdfdc3a6904cf10db2b2b550a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in winston-reveal-md-betelgeuse-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5353a675fc71a6f7979ed34bb601e42339f6f0c11956bee5628b60cfcb84881f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yakutsk-registry-phenomic-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1fdaa9233220cf2578294c4ddf85f8c5f7ad591e9f946ecbefb1ad500110f7e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dagda-forever-proxima-carpo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a695226dc0058df094f2a9e0bbd11960f1e6da96d66c47fa2c8d9bf1578fd334 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in miranda-resolvers-wolf-xanadu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdda468c3c4eda1b3e817b7c9c443f941a69386c43821d28297ffaa4924b918b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in quantum-mensa-callback-altair (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5c4af59ccdf081d321a6234c0e30dc04ed83eeaf768d85866f80c9b81d02f91 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in avior-solis-grus-run-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e1bdfdc7bb97c3e6f4552241ddd6ae1a7be05ef2b820b1547391c9765a70c08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eris-auth-fusion-nodemon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63c74e6c4177a2be27c16708c819a8e4889de935df4620a23f9b07e19498a0d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yildun-procyon-impulse-electron-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb5dc2d52c81a763224f849df35a4f33a41297e9a714ef5b1fd7fcd69cbd8728 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nightmare-envconfig-nestjs-firebase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ce283718877e46946175f033597ea72cdc7ff55bfdf108784806ef510eb5bbf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in figures-procyon-betelgeuse-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e6ec9d293aa050ea28a3dac80d3023398df9d62f4a0660466d4fa36a0c7834c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...