MAL-2025-147258 Malicious code in remark-wolf-jwt-electron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd162f05a085a9bd6f3d5eae4eb71f22530b58420b2769e141f54389dd035c79 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139363 Malicious code in altair-rollup-bootstrap-webdriver-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf705e24bcc766ffd8b06f92a877be746751610972bad74059d45440502aab2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142352 Malicious code in exec-mocha-pipe-repository (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98eab42201e22336dea2c31ea0ea8cc9c09882c65535f3ee18ea10f719c32e8b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142403 Malicious code in farout-chromedriver-aurora-tailwindcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b98547be9e19d5bc0cfb5d20c3f5dcd85c8c38d403eb7042af8d27946d36a4bb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143828 Malicious code in janus-private-phoebe-dotenv-parse-variables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e39b17f67223220fe63d32875adfba39ede6a56f0af2b1cac86d9c7bdb1d21 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143292 Malicious code in hercules-protractor-heka-optimize-css-assets-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e418f0bc559469130812cf69c9e779b415806d81ade924d7975a5e386c1340a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145901 Malicious code in orbit-bellatrix-titan-kronos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a567f1ed8455c1488e6bc4ec30bfc6f16a9ce9fad068780f75d21a0924f3c6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141206 Malicious code in cosmos-eslint-transform-ini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7479fb17e9a5219733e5a679b2a6f500dc2f60d0358935e1b79955c8c2c8c2b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148999 Malicious code in update-markdown-pdf-pyxis-spinner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f7ea5cae85a41775934cd115a39006333c25adc53b2eb9ab24fa32990648c2f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144219 Malicious code in kronos-grunt-sadr-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a77e858e6d1a107decdeeaae11b5f3cac7d091cbd8cf3627ffeb3de7918adf8d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146123 Malicious code in perseus-vega-leda-csrf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbaeffe04cae6de02e05a62a3739a301bfa80d5c4d4353e8d1674a2144edc320 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144628 Malicious code in magellan-concurrently-markdown-less (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9abaa4ad316f22936dd5b88b8155e088efef33268c84c604f46a073977c2b2d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in non-blocking-magellan-carpo-aldebaran (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3558b6b1a1972905e34cd4e0a792d129eaf18c22c5621bafbe2d68de82f493b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jwt-element-ui-jekyll-style-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8437bf4f418fb44e983d5e9aee58d0bb513d11557003ae832a6b0eeeaabaf637 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pino-pretty-husky-development-deimos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d107cb18863de80dd63b661d6601e6624f0bf076d8e8fce190952de982bf17f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in markdown-pdf-wasat-luna-browserify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fecd59731081ac14a1d7e6bf85ea26c4a0b8aca42f3e976b461463c99dc87512 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in leda-jabbah-google-rigel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ca5d69cde5ef8f2e71faae2ebf02639ed7e17058b5e0d56f3a0b45189637526 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in flare-materialize-passport-nightwatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8aeeb3fbaf0c957bd1d21f84c3b5bfbf60932f1fac91db9365ea346a9b6dad2d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in deimos-gravity-cache-elektra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 622702e688f2fb8e40276dc4b844a58c5ad13b3b4ca30106511cad457fa7130d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yielding-white-vicuna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5f94ef43724f032a5e746999d58d119436b7dc9ca5af91c84dfceda94ff0717 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...