MAL-2025-187598 Malicious code in javascript-hyperion-quantumfoam-rate-limiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6466804ddc9d527efaec99e8aff724f89de4847020162e4808add42d0c5631b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186517 Malicious code in deimos-koa-build-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a36c41fcb310eff78aafc5e8df244c1040a53162533a3e6f7026cd926873e7c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186151 Malicious code in chromedriver-non-blocking-chariklo-registry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69e3235429342473e1c54ce4bcd3e40bad9b9b47232d9bf913d071fe49eddd8f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188674 Malicious code in phoebe-petrology-sirius-fermiparadox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f897ff38dbb81fa575193bde8868cfa42159ce1bb70838cfe850d7c349b77de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185777 Malicious code in benchmark-refactor-secure-scale-array (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36f42ae67e1ed1256c1209e7b423d44b1685f842ee81b1702990e6a5b8549973 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186418 Malicious code in css-minimizer-webpack-plugin-brane-saturnology-quito (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64b3a15e647657f89676e3a0ec4db2727fc5da627f8ec6d6e710edaec52ba97c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189641 Malicious code in stack-theta-meta-index-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1540d87914707a278e9777b85d134c2c627f02d165bde85e7f01f8b9dfe3237b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in event-miranda-rest-semantic-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acccf89c905da91626d03d95cb26599e6d673600757370009e4ae8d8b0962900 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in await-throw-psi-simple-debug (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 937c92f1846343ce1e7e08ff398c3ef8339757e31ea3f856fbedb5d32b508cf5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bootstrap-fusion-loop-restart (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ad929870f7e51b33e4727a05618a9c190591109bf47fc02313b51fdf7760115 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in double-decode-encrypt-cache-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2dd120085360bd941b6b618bfba167ef9076e6663bd3af7dc247e1b7a6588f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sync-uglify-js-rest-superagent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab95b633e6385faa2ae97803caa076c5aa6894ce8f5a472eb6441b96ae2ea32e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in outercore-cli-concurrently-troposphere (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b76cbf6f2fe58669afa1ad61f6a6f611e0b68ff421df8477ef30eff21fd33ec5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in zero-daemon-small-fire-pi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0a0456658b09d6abae40aec0e7b3864570435f2c3bc449f3470354d85bff0d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in web-route-final-nu-route (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a5c7be5f1d5e20af05a8a41845cf88aa11d49fe80adadaa957e21395a29b1a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in astro-helios-nightwatch-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c597e6e94b0dc9824b4353d492fad15b37f4cfe800812bcf2c4174a1e8e63b3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in node-optimize-table-alpha-final (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24f260e0fad0e2b704b1d9ca6562b1bf2b8263f6a59ef27a984a33fb7e91cb2d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in root-resolve-wind-stub-interface (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76745c37e2effb609da0372dbe196b1268ae5777b04442b99e59f3da1c499739 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in prettier-registry-forever-prettier-plugin-markdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c9bee273ba762279ba30203b2a54d467cc3b01e489006d55110b49d433736a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in class-debug-private-decrypt-slow (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a04a06a34b2a6897164af73ecf02e450c652a316afea2fa8968c84edc0726e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...