MAL-2025-144875 Malicious code in metalsmith-dione-phoebe-ignite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b7fa0a724ed7a8a460cc993e6fe4b7139d1c9efafe18cecdbdc2df864e2c1a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147766 Malicious code in sedna-grus-install-zenith (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae99cf926f6f19c7e796c257a203c25a57cf829b1a9e45ffe9d8433f759e7b0b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146019 Malicious code in pegasus-callback-build-sequelize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa451bc61732e3800480939f0e2c59aacea12ed0549347ad33424411dbe39b55 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139654 Malicious code in atlas-radiant-equinox-spectron-webdriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd2fb112ba89498f5c0a6d7095268cbecbe8befee373f618f8e4f0bcec6af2e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141971 Malicious code in element-ui-jwt-uninstall-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b5a60826ce2dae0b128158911da5fd082c31135b1f850b0e1134ec983ed2dd4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140276 Malicious code in cache-mongodb-oberon-indus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03e800145a0cd744f6884e1491601dd0d0e4bb5235ae6f74b6e7ec2fa7f61cef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149066 Malicious code in ursa-phoebe-capella-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4680409f54b1672280ea548697d53e97ccce528f1084641660525b8023e6b0c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144186 Malicious code in kinetic-spawn-stop-browserify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb47a933818775e5c62b8dea554a34249eeb42e01db1355d2bff9c72fbe0b567 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148568 Malicious code in test-cross-env-json-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ac2776897fa85ee4c9d70fe5522af98d5ad8fee59c900ca63216b4324d8f89b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139430 Malicious code in antares-perseus-indus-exec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e171dc30c5618b4fb6ccfc0b3dc6ebf43932d473dddf05dff6be591c1695b8c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148392 Malicious code in supervisor-hyperion-elektra-yonder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b5db0db05fb5d54652dfc6ef8f14eb7198b85498ccd575cdf38a4587083e295 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148144 Malicious code in spectron-webdriver-uglify-js-figures-auriga (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8789b9b82d67312a6f4a4b617e59e05f8880864510defc0e5ca8981f30aa0dbd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139623 Malicious code in async-development-jovian-jwt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51464621a81af6bcff023d345004235362af76b61b06c3f4b8d0b27d4975dc4f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147858 Malicious code in semantic-ui-tool-fornax-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc452a16821f632b60df56036af5151063884ee1b108f2aa9dafd78573f9d437 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139251 Malicious code in airbnb-chariklo-elara-phenomic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cac66982265c4f2d61202648e76580f5db3c11392d6a416f61414a7233a5bb8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144733 Malicious code in materialize-await-cosmiconfig-slides (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 153d9c78b1503d4d82f8378f93edab2df4d30b9f1128f3bb265df2952e37843b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143252 Malicious code in helmet-enif-gridsome-hercules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2adb39d8e6ecbba968ccf3078cdaee4dc1337a58a7ffa64e62d214da2649c403 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148878 Malicious code in uglify-js-quantum-vuepress-publish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb55c4cc946096ccfe269a2ce5ee5673ff8a6edc583a3f3b981f1dd96bfe7683 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149528 Malicious code in winston-sqlite-typeorm-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0583ba8d9067af98e95c066865b38f493fe46011683758f8afbd70d2cea4b9a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147909 Malicious code in shelljs-bootes-regulus-sedna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bea1d60a341ee060fd308c857d380e387103b67657fcb6ba02d846cc3f73d1ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...