EUVD-2025-179169

Malicious code in element-ui-fermiparadox-carpo-orogeny npm...

EUVD-2025-179877

Malicious code in carpo-aurora-pegasus-sqlite npm...

EUVD-2025-179876

Malicious code in carpo-hermes-firebase-nightmare npm...

MAL-2025-185984 Malicious code in callback-zephyr-semantic-ui-carpo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc3ae303ee981c1075c7fce2279b092cf996dc5af84dcd3a3fbe2c0c2f2810e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179873

Malicious code in carpo-release-it-oberon-halley npm...

EUVD-2025-179630

Malicious code in commitlint-config-angular-nodejs-carpo-vortex npm...

EUVD-2025-179898

Malicious code in callback-zephyr-semantic-ui-carpo npm...

Malicious code in draco-gacrux-carpo-await (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e99af30e309e14cdab037f48e58b659c2e89b47c57ea0ca10d2d97b6c7f47586 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in server-carpo-carpo-cosmicray (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e13b35cab92cb87cd2a1275e1e555ba5cd6cc2d672f9915764840e26cd51e296 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187251 Malicious code in gulp-javascript-carpo-markdown-pdf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83f3fb31d46de531e486584cf860923fbaef0e8a21f7f9233132af1ea5a5ebc4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179838

Malicious code in celeste-selenology-socketio-carpo npm...

Malicious code in transform-carpo-charon-hapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9df721a1d001a47a01827b2556b96ff9d55853def17552c84f1c6e05a3172c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185807 Malicious code in biogeochemistry-carpo-alphard-pulsar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb6ae68492781c51e2028c436dc6451385234e8dcd5c0047bca8aba4e03c5e34 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-175913

Malicious code in transform-carpo-charon-hapi npm...

EUVD-2025-175583

Malicious code in webpack-xenon-relay-carpo npm...

MAL-2025-186639 Malicious code in draco-gacrux-carpo-await (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e99af30e309e14cdab037f48e58b659c2e89b47c57ea0ca10d2d97b6c7f47586 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186932 Malicious code in extremophile-fornax-quasar-carpo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d88a6750f997b6922c6e43621f0149719c6dd1780dcde55c9fa55d9aeb2e800 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176415

Malicious code in server-carpo-carpo-cosmicray npm...

EUVD-2025-179131

Malicious code in enif-frontend-carpo-galaxy npm...

EUVD-2025-176631

Malicious code in rimraf-jupiter-carpo-phylogenetics npm...