MAL-2025-147909 Malicious code in shelljs-bootes-regulus-sedna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bea1d60a341ee060fd308c857d380e387103b67657fcb6ba02d846cc3f73d1ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144281 Malicious code in leda-miranda-oberon-capella (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 461eb1aaa170f1ade3866b64f4560dc0a875eb7da1242e23479da25eb4790740 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147042 Malicious code in rate-limiter-loop-npm-farout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06092420b8957a0da75aae83861ae673c840b2bcfa86993780d030e2509e0261 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146687 Malicious code in protractor-hyperion-soap-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc172a6e98714542897ff86e8b096def8bd773c0f7a8b2d9a6dde31dba23d298 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in halley-markdown-pdf-terser-webpack-plugin-dotenv-parse-variables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c8f8e6d03c3daf00589833a3797e608a89883125a45d9cff367282e9f6585f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wolf-loglevel-hyperion-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c07215dd570a9f1ba91bae4165f316f59f121eedcd225aef447a190551ca6cbe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rollup-plugin-solis-nashira-ophiuchus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e063306d0ace405b4675d9737c8065008de10a8d47a009069e48b9c53f1b196f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xerxes-node-sass-mira-capella (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e5c0088d5c750f8fab1a2dc599d682e4ffebe0cebbc23360f042a0267bb5031 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wolf-antares-uninstall-impulse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f37908e13e3b9b904f0430d7825adc9afec6ae30f58f69e0aea1614bfaa2d854 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jabbah-stop-fork-andromeda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb8f85fd8655a595a472edf9de22c502004bf3992a2e1d4e481ca097860e48ca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dynamo-nuxtjs-webdriver-mocha-reveal-md (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7277ac0d127cf1772e66a3056915d72d9e2e15b99d904c28e2c47253cd61178a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in element-ui-blitz-rehype-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5703559ccb48b8cadd72f98806f257de1c353bc73844645d168a5122d81971d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in global-babel-sagitta-miranda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 280ac52a25aeeb1b2e6c9f3a4a230c3844f59f27bfdf1b084f24285bbc370d42 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sirius-gulp-playwright-jovian (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97c521360de0b0ca3d58c926ad007a3d8f6528de76ca5395d2ffb8fc67ee2b88 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in callisto-playwright-publish-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84bea5b7884fedd3cf87fa9645c779ea6d02be1f8048fda82a3760b16b90d937 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xerxes-sagitta-inquirer-terser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7915274b61f1f22bf6d1e217c5cd0ad40fe1ce4bad4d9789e88d6007dac75532 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in soap-pavo-barnard-pegasus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c60fb41ebbaf22e751bb38346303fce0e6f2ea2eb0e75b6a3e91c73e8781911 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in thuban-meissa-envconfig-deimos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59f0f6cece6fd5f5c781801d368a2f9c8378b13cfee5c710de8b83ff681d52e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in version-mongoose-cors-semantic-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2279c51867e3bcfa98c896e4759ccbe31ff9fb080811277a35107fc44962b9d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ursa-sass-loader-orbit-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 299b64b0af89711f6ace77bd2eb74ec7ee22b886558ad7c24f690a3b16389dd8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...