MAL-2025-148586 Malicious code in test-umbriel-postcss-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7653aca1f1686de272649e61e1bde312c3bf99f0ef8ab440834e77b4c521883a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149078 Malicious code in ursa-venus-terser-luna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e21328f1d7d1ad0ab1a8c517d9028d0de2ec3dc3364feead5e8eace5a4d4288 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dione-cluster-hexo-helios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d8497ec4c25a6c9e25ffa655c0a28de102cd03a2893bad483366653df906f49 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mysql-websockets-webdriverio-loglevel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 494bff2878a97456ebcc90ae6974ee2cd47cc9a3e8e24390be57fc6741f9763e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gatsby-betelgeuse-exec-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc2154045e7fb54a083b9029a1dbd9999c466e2d28e5a016fdea509f93c03163 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140074 Malicious code in bootes-deimos-tethys-io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bf8276b237457929553c4b5e28b51cc0edc14043dff26620640248f1d6fd96f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142985 Malicious code in got-rocket-build-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 028b8aa4f6185b93d879053833468fd2cc925423325abe587d94abab54db54f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in auth-tethys-duplex-selenium (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5118548c8190c3f375c9f5128d029bf31797ee6cf9feddc4180b3f4efd440584 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in deimos-gravity-cache-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 622702e688f2fb8e40276dc4b844a58c5ad13b3b4ca30106511cad457fa7130d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in firebase-relay-winston-webdriverio (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a8df2c7171ca9261aad999cabc9cab7d7e3eb476ecbee2445af9054a0299af5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in flare-materialize-passport-nightwatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8aeeb3fbaf0c957bd1d21f84c3b5bfbf60932f1fac91db9365ea346a9b6dad2d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in framework-wolf-yaml-electron-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5171dda2e66d0c63bc03ea95d0b716b25ed5c71b006bc563842e12f1b9b6ae5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in indus-apex-spawn-europa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a71e0a1e9cf368723f79a82fb82524b86d059fa3abe85eee3b94013aad9171af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jwt-element-ui-jekyll-style-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8437bf4f418fb44e983d5e9aee58d0bb513d11557003ae832a6b0eeeaabaf637 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in leda-jabbah-google-rigel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ca5d69cde5ef8f2e71faae2ebf02639ed7e17058b5e0d56f3a0b45189637526 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in markdown-pdf-wasat-luna-browserify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fecd59731081ac14a1d7e6bf85ea26c4a0b8aca42f3e976b461463c99dc87512 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in middleware-postcss-loader-vulcan-configstore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99d428e4a36316610a46ca531a7cf361eacd9cf94095b45764a4a3d1e7864ef4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in non-blocking-magellan-carpo-aldebaran (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3558b6b1a1972905e34cd4e0a792d129eaf18c22c5621bafbe2d68de82f493b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pino-pretty-husky-development-deimos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d107cb18863de80dd63b661d6601e6624f0bf076d8e8fce190952de982bf17f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polaris-shelljs-jekyll-sails (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de091a3968f27ce74c81fbe514c2fa98c46ffdd8b63a1a10948c72140895732c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...