MAL-2025-145868 Malicious code in optimize-css-assets-webpack-plugin-radiant-aquarius-development (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 913bbf04b9d69140ecb5c9b9f40687172fc561d0617dba209fe8a7a78d5f9062 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147570 Malicious code in sadr-orbit-publish-request (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a8270fc0017313bc154b75a1fb4da0c00fc8f3d414844927e0012cdd7741f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141837 Malicious code in dynamo-sequelize-hermes-playwright (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2e59e09926ad401601fd6a02322162da69959133ab0d2524b3a52697d3929c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in apollo-bulma-polaris-inquirer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 692d8948eee5220a89db98305c0c5b8563d44e1e8f148eb621bcc3b1f6e1b915 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xanadu-centaurus-scorpius-babel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f3bcd92f5223ed3455308cd868500f9582e6abe1081bf9975ab41468d08a549 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149806 Malicious code in yildun-antares-mui-impulse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b10b5e93a26dbeeca2443fc906e35cd7a1c3d3a6f0ebfe158c9a50ca3ad24d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139957 Malicious code in bellatrix-spawn-iota-convict (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e02a2735f04330ceaa2f373020d5d6d3640831bf53b240730c047be4df17a12 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146304 Malicious code in pm2-odin-carina-spinner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a58d80ecd946ce5e31f29fa6ac0489e812813dc38545d7d78e46a43a4c97e9c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149069 Malicious code in ursa-protractor-eleventy-antares (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f19574aa3d14f05d94240a6fce6061b983825c655f6ce6763b33ff9bd4969a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142253 Malicious code in eslint-transform-terser-oberon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbf293f06ba8e34141c8b54aa5f1d3b141f1df1fccaf11b464aadbdd0e4fa940 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144393 Malicious code in library-zenobia-native-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce9620d5a9059a59c24af888f0c640dcbdd31ad3e5c571b59e3b1c48a9264c8e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146801 Malicious code in publish-pipe-antares-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ece4f36eb0a4c0e49c80f8088a1ec9699232370a88da237cc71dba2575d4a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148126 Malicious code in spectron-webdriver-betelgeuse-odin-cypress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f08851659b6a53ea323142e60510fd2ea2215b5c6a75a5928f0eaa11a6e6e9ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146416 Malicious code in postcss-magellan-ursa-zenobia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fce8458ed2741ec54d9c40e4518395ab915bd46356a551b9e18b8511ef6e3f8c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149299 Malicious code in wasat-restart-loglevel-carpo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 574c669fccaa341ec62ffab852152064911a73868724f75a4af37737a8830674 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141276 Malicious code in cross-env-yakutsk-octans-graphql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ec258cbc55d95a4aa0c35968e62956f226510e7535d823debd9ec5c976ed91e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144646 Malicious code in magellan-markdownlint-concurrently-wasat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 260d3be4e484f62d2fc2a90189330282e1a805f14b6990559ace653282d90529 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140598 Malicious code in chai-morgan-aurora-commitlint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b05a0769bbe5cde0c09615f00b83963a0ee9337ff58ba3d9d9c8b81228f6c87 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143503 Malicious code in hyperion-yakutsk-pino-apex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b161e20714d583c8b9768d31924734fd3af412e4d3e52a341f66e4d57a67528 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147258 Malicious code in remark-wolf-jwt-electron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd162f05a085a9bd6f3d5eae4eb71f22530b58420b2769e141f54389dd035c79 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...