MAL-2025-142925 Malicious code in global-babel-sagitta-miranda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 280ac52a25aeeb1b2e6c9f3a4a230c3844f59f27bfdf1b084f24285bbc370d42 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139251 Malicious code in airbnb-chariklo-elara-phenomic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cac66982265c4f2d61202648e76580f5db3c11392d6a416f61414a7233a5bb8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147842 Malicious code in semantic-ui-concurrently-enceladus-toml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e9348abe7dceafcbea1bb3601475a31350792e0fcf6ac6edef9d9fbc27f3268 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140025 Malicious code in blaze-lacerta-semantic-ui-yonder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2a663bd504b92f9c6b5898ccaab92e415af2335a8bf3ce22e06e7b89eaff5c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lint-fomalhaut-commitizen-pino (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 518a1bd0c06c518cbadc3f73f47622697bdae7c959d3981ee9f49276a7973fd5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142214 Malicious code in eslint-configstore-transform-zenith (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96b2652a5d2256805c259c8f94e1244bdb3de2f2d085378bebf0f43237998140 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141067 Malicious code in configstore-wasat-wezen-ora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66701c6c203fbd7db0e370552a5f119cbbb92f5de3ad0aaa4d68f7aa2d274940 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144491 Malicious code in local-odin-sync-public (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9d6eaad6abfc7da0b2db8e0aa9cb3812e19c577a9687e15a1f993dc96e8488b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146820 Malicious code in publish-vega-spawn-enceladus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf2589b6efdb50910eacfb7ccf4819dbcb9694bf2c4dc977393e58ac92e7430e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in build-terser-chariklo-jsonp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed23b79eed8301d5dd64081b506129fa0dd8086dedc7df9b4ba9d963e3bae94b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polaris-schema-browserify-capella (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cf843fd2ae6038c2f101230047b7c1b1aec83b80da82a3358c35554c483a276 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in framework-magellan-mocha-lynx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 134d8b8ad0a608d770da2b282ea99ddaa6fcb5459a7eea6743382b9852548bb8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in markdownlint-prettier-stylelint-impulse-altair (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ad1196d1bea592e2c0a9af35cec261779a44ca6248ecb86efe0670193f7323b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nashira-xo-concurrently-slides (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6fd92af27014b5e0dbf1da31c636abf1d7e77a763f716e5439bda1534aafef88 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in phoebe-spectron-halley-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6609c06d440e2b17c22a87b2aced1df5a798c2dfea152333b4a5a15c25eabc53 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in inquirer-child-process-concurrently-despina (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b2ddeddc56db997eedb9376c2bac0b0f00122edec437a41fa5927cb0001e8e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nodejs-framework-taurus-pyxis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ca5c47a0b91aef35c306426d598941c157a29b968536ca1515fea6acd250949 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in upgrade-selenium-nodejs-lyra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c05fac68d2ae84d2d004354b5f094461e364e0f684064354fb8cd27ba37ae1f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139742 Malicious code in auth0-cli-envconfig-capella (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48122f520a9bc16f034bc121f63a1fc78b4156d0abbb25124fb9b6b59a9be255 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140857 Malicious code in colors-ophiuchus-apex-lynx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fac9084cf98ce4dda9f94e9b7e0f33074d12f8aef60576e6d3e1ae09d9903fb2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...