MAL-2025-140857 Malicious code in colors-ophiuchus-apex-lynx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fac9084cf98ce4dda9f94e9b7e0f33074d12f8aef60576e6d3e1ae09d9903fb2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146548 Malicious code in process-eleventy-tool-semantic-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7e1598e0cb1337cf64864e18bf8c8332e54ad5dcc8604ea85495eda850f911 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139221 Malicious code in adonis-xenos-got-gacrux (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e262eb227d33e53762a9bdaf1b929da6e755daf1cc149ce09ba24785fb8e7934 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144065 Malicious code in jupiter-tailwindcss-unuk-oberon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6604a27476f8c7705bc350f742b566022ef6f23c269b2a748a8f7204e54f0fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144066 Malicious code in jupiter-wasat-blitz-foundation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9636ce05fea538ac7059065ef9729dccfdc9cbf9fce39f7ae482e360c11bbc60 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139812 Malicious code in await-venus-oauth-deneb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12768900fb6531d21a6c7d38c5d1cdbfe8e4317e241ff500685713b38f7aafe2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139315 Malicious code in alphard-altair-jupiter-stop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfb92c5e4220e85a5166f8dd8864e3cf2ef13901c30cca040dca1b12763f4c91 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140044 Malicious code in blitz-enceladus-ophiuchus-kaus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 367e5ffad151138012cb4919f2290fdc248dd5eafaccc502f6fd5d421ba0c35f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in element-ui-lint-staged-apollo-cordelia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7663ec121540f855126afa6ae53b512cdb1548d4a95d3abda120df66dfd982c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in luna-xenos-relay-carpo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c975620d825a283af00eabd79645d08b0c38867f081c7fdc2039d5129aebced0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nestjs-nodejs-electron-builder-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd0bd4351048524ed1b2aa26beae0bc77fdddfe3341240e3978c60fabb7978e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in proxima-figures-axios-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c531b5df700f19ac865f238ec8ce7f58e318e21efcd90ca2e8b2bd093b3727d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mini-css-extract-plugin-sedna-fetch-adonis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc0f3136cddaf05ac4a7fdc9bc9a237997fd35ac94b4b82011b8d0573fd9cd80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pegasus-iota-config-slidev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a7ee901b19693d954ff98d4cca16f606bc47bb75e7ed26766e07d75e3a35761 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in redis-webdriverio-radiant-helmet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 897a7e6b0d29673d0a35368dd757e92f753b005c3adffa0fa191ef74cbe7ff03 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in phoebe-mensa-commitizen-juno (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3272fe5c8f9808cd0044a08766a3758f1bfb12cf816ba23e044287cfd572e3a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in impulse-adonis-lyra-pino-pretty (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7ca4591578541b00ee189827d4e9f0a0dc42ffd41bb91438b48092b3d41e0af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nextjs-phoebe-commitizen-dagda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00c7087b7b287470476889ddc426136442abdab2d013c904a1f9e9d558f3cbdb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in express-meteor-colors-chariklo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d669fa9c44fcc67de8380cae4a7c1630c7f8dd8f2b7ce7cfcc91f937256c1721 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in firebase-google-castor-standard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1c35d855c4037261cc0e67a28f5041d8ad7486426f5f63b1215b4d1954ca699 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...