MAL-2025-141735 Malicious code in dotenv-parse-variables-readable-dactyl-dorado (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb3fe8fba115d5787ca57c1183f16a661fb0dd62f372ba2f47737309bd8cd39b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141449 Malicious code in dactyl-postcss-slidev-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b3e11e1b3e1354449c8d22e5413f49cc8fb31984d234abd2bf4530e6885e9d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140258 Malicious code in bunyan-umbriel-relay-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44f3f063c2281fff1e1b70c86da2fc195585d3c059d7911720de2e6ad6746f90 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148251 Malicious code in standard-callback-venus-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c54afa4fcb2836ea95ffb5db003dc4c6f9a022be7b0b74462aacc150cf13c0f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142029 Malicious code in enceladus-grunt-jabbah-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 287cd32ffe0304dc3b78663929b5fb07c468c3593e8a043c53f160fac2438511 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142426 Malicious code in farout-sync-regulus-node-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab15b377e01838c81e48ce3e12a9f793df1cf6f08a8352491c27361e3411dd96 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146121 Malicious code in perseus-triton-query-centauri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3fe942855422456b2b094db1bd45bdae5ec15bfecb41962f6257d1a0d834689 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145420 Malicious code in nextjs-ophiuchus-promise-umbriel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c187d34c2d44192758f3a3912218065e845cf8db834b7b605521524885b719aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143089 Malicious code in grus-child-process-server-inquirer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b28413cef90aca4f8fabcb9fcb9cc4c3737e32a1247520c569f1d849bef559a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147669 Malicious code in sass-loader-gravity-draco-miranda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d0d8a65fc724223d4447a7e5edeb4e86f4caf1d3c491101f9560c8b5752539d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140772 Malicious code in chromedriver-foundation-ophiuchus-meteor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 734cc0e1a4fdbcbaa4277defdafd1411ff42c898978cefc6ce410b296ec7f58d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148144 Malicious code in spectron-webdriver-uglify-js-figures-auriga (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8789b9b82d67312a6f4a4b617e59e05f8880864510defc0e5ca8981f30aa0dbd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146052 Malicious code in pegasus-sequelize-antares-jsonp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40c7b357b282c6107b66be25d25844369b3d99f701ca4c7acdb78e404c6d9d3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145983 Malicious code in passport-leda-spectron-spawn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f602944b892aa1b431311a550c2bdfafa04a4576371a9039de3d80d1165b73af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141662 Malicious code in docusaurus-envconfig-equinox-eridanus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d82cf644f75bfb47cbabc64615e3caa508d9bc4d7f83845a2ff472647ab4fae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146197 Malicious code in phoenix-json-markdown-triton (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7880f03c4f17c08b093bf7dfcb7a59a5ad90b3d3c77a715a8a9bc408fd2ca56f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139271 Malicious code in aldebaran-charon-pegasus-heka (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 808b7e01fc3390efda5a9efa37e7d1917a9fbe55cd61b8a33611ec40ce69b373 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in apollo-hapi-soap-testcafe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07b11768cae9dce591b19f0b3aed2b0ce4d5df76c62962d608ab48fae2fe65d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143252 Malicious code in helmet-enif-gridsome-hercules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2adb39d8e6ecbba968ccf3078cdaee4dc1337a58a7ffa64e62d214da2649c403 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139430 Malicious code in antares-perseus-indus-exec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e171dc30c5618b4fb6ccfc0b3dc6ebf43932d473dddf05dff6be591c1695b8c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...