MAL-2025-185418 Malicious code in aldebaran-phoebe-sagitta-brane (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbccf5241e22a7f267e4d1fbfd23724cc4e61b5fb81683a3f249f5614a147ddb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187866 Malicious code in loop-quito-hyperion-centauri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1026aa50dc1e0844d749d156395863d5338ea4214c14c836f4ac9d9e3515500 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186331 Malicious code in cosmiconfig-perseus-redgiant-apollo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8cabf74a61f50af9ee6fb8098d25d2c08526d5b73a3c74ec59e714ad4cb37b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185930 Malicious code in build-neptunology-neptunology-adonis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed64aacd308317013397e7f8a5aae9ee24e87f51b7fa69048677cd32e333872e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189285 Malicious code in route-compile-good-private-tree (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4656944013166c647172585699e90a5fa13386025f1b2465f79a8fe3483315bc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mysql-fork-pavo-firebase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 238d311463f574170c5184cf88b55be3f9775159d52d35ba3b1353ef03901c60 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in boolean-zeta-fire-omega-lambda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2cb7f8a6641e0545bddde60dbe3e670dbd50d4ad1135e2b340018411b59be59 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in test-star-web-zeta-minify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14ee65ad7947ed824c06235e38a3aee5d27831c7878012cb2c3e1878731ccf6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in server-astrometry-ceres-aether (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9430520de490e8f75068610ccb80db0faea486d1597a97a99d229f28c8b0d831 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in glaciology-wormhole-cz-conventional-changelog-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99a8e1427315241f9ca0e6b823c4472689c97f4ce67871133412359ec0964a80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in avior-quasar-comet-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f81365f9fc5c2f91505f735b8c2f870358d8ccb4640b6b9d0b2904e54506807e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in warn-bash-grep-array-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8bc328598631e616c53ed70b1dfd4a169e5b60020465e7e29511eb35b9d538a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in final-secure-epsilon-catch-book (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17e86d24f9e0aa24c62e5e4c9ec1038d73add02f6ef91a7fcf8a98ddf0a6de0d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in integer-slow-java-object-string (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b338bdd9293fa0282e2edf7b2036cf63e23e3c501b1ede7868c0ed601a40f6e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189683 Malicious code in stream-ichnology-plutology-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 913731d4cc63d076cea89efc175f0b1336bee0af5ed411b24838590cb32612ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pipe-simple-virtualize-void-stack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 926400f6a4cc531e4518e04fa52cd0abcc7786a74fdcfbe3009d4e7d91669f67 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in npm-equinox-bootstrap-baryon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cce8e42fb255792dea3c004dee600372b6a26818d5701f1978618438d6cdad73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nestjs-astrometry-geoarchaeology-child-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4ce8afc89dbb4d9b8803c81b1f7a4c931f3edf36f43e471ae33f472e8148e7f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in parallax-speleology-cosmicray-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcb1bbd0bd3357091e2d748d5bed61fe8406818a860219badcf71fab198a6f75 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cressida-indus-epimetheus-borealis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86889f7ce22f369521ce2fceeef29b4481464a118b534f7a620ce86b6d283dfa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...