MAL-2025-149528 Malicious code in winston-sqlite-typeorm-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0583ba8d9067af98e95c066865b38f493fe46011683758f8afbd70d2cea4b9a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148263 Malicious code in start-backend-delphinus-writable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56927550faff76fc83b82b8ee8c61abf5f4278b560fb1acc33b5f11b924971c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147815 Malicious code in selenium-sqlite-izar-rehype (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a8953c630b9079488ae498842bf4cff37440b69ff8f6b186fe0366168f2c841 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143125 Malicious code in gulp-webdriver-mocha-yildun-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 204e94d6ea198d5df1a1fbf2ba5bba87ce888ae2859eb0febdbd54e436e7238c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146548 Malicious code in process-eleventy-tool-semantic-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7e1598e0cb1337cf64864e18bf8c8332e54ad5dcc8604ea85495eda850f911 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144638 Malicious code in magellan-graphql-levels-inquirer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20526f5014eee97ee2e57fd6f52681ed6681877adc4ebeefb396c9d8ff23adea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149564 Malicious code in wolf-slides-nightwatch-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11d6fa277ac69bd9089da09771fd17d8924184412af68db60a37dd1a2614aa09 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144066 Malicious code in jupiter-wasat-blitz-foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9636ce05fea538ac7059065ef9729dccfdc9cbf9fce39f7ae482e360c11bbc60 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147281 Malicious code in repository-rigel-nodemon-websockets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66b245c5bad420fe8b658ba8fc96bf22f6279e86661f42a4edfcb8cf101ad1f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142764 Malicious code in gacrux-eslint-plugin-link-indus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8275253c0c44cbd7897a87cee97aa026524c4d7ca5c3b7dc23fad43685c1dac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139251 Malicious code in airbnb-chariklo-elara-phenomic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cac66982265c4f2d61202648e76580f5db3c11392d6a416f61414a7233a5bb8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145985 Malicious code in passport-pulsar-virgo-apollo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fd5757d4b0a6c5a20cd44ab3ba2ec2ad4cf07172929c6efa42f03f1a9af2050 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yildun-procyon-impulse-electron-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb5dc2d52c81a763224f849df35a4f33a41297e9a714ef5b1fd7fcd69cbd8728 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nightmare-envconfig-nestjs-firebase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ce283718877e46946175f033597ea72cdc7ff55bfdf108784806ef510eb5bbf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in figures-procyon-betelgeuse-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e6ec9d293aa050ea28a3dac80d3023398df9d62f4a0660466d4fa36a0c7834c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in achernar-magellan-server-auth0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2f2acec02551e19c519fb08429a857027f87ac2d9ae888c056fe99dc5cc9e05 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in less-socketio-loglevel-carpo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 260abb768f8062126b91ed7c1e0822ea7d2cd0490e64c0ef6d0235f618e5ccf1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in got-rocket-build-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 028b8aa4f6185b93d879053833468fd2cc925423325abe587d94abab54db54f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eslint-plugin-request-indus-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53ef0d07a987d27e4c659a7944026bc057f89b21342a892da7330296ce732087 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in io-version-spinner-eclipse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fcca631af9bd1225bc2295e4972bb17157ec73006cf5109fdfcbc42aad6da17 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...