Malicious code in mock-string-simple-final-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b38d5a29590fbb31cc80dde1e3ad6cfd08ab4787dfdf5aef7c978472bb42c5d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sanitize-new-link-code-void (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ea502fe1787665ba66414467f0d22ea7bd53a05d1a42ad35bb8974b5d525531 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in publish-magellan-magnetosphere-paleomagnetism (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4fee2dc3ceeab278bb8c4c5fa3312ad51340599245bcdf8b5de8eeb28e8d9bce This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in whitedwarf-inquirer-csv-blitz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d750b9bdd14da059ef8cb9f7ae5a0d0de018cf3ce9d7393049e79180ca28bfca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in public-final-iota-upsilon-array (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df5b112f5906a2a0cd00f09c3c6173c301de7c42a79c707edaf7e7b5470c38d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in new-user-static-awk-zeta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9f9dcf7eed16e352a4e0fcdb4e1c39ec368864e56f59a7c610fef54ab9b66cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in permission-big-omega-alert-phi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector becde5edddf85b8ab06be7625942764cc139abc1be9d4826b8cc709bcad57c28 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in code-interpret-finally-decode-cold (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda77329400e2d6d937de5ec4642461363583de5cc3bc09ba36c5270ced52d51 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eclipse-parsec-native-commitlint-config-angular (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ad95dcc42d1e37b32db227d88bcbb1c29f48527e882181591d17621d99b3b24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in postcss-mongodb-astrometry-eslint-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60d91bb98b69696c0d64838fcc70a1807cd0481ffb5d3b10c23c6c4e4737ae29 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in json-babel-regulus-void (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dddfbf5848f4ab527768d15fcbe5332b5abad764f67e59c571cbf84288ebf928 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in transport-registry-slidev-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2660007516964d3692e02aabbe87172c23d0b68035f75d6dfe2d597e17f4948a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in toml-json-express-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e3cbd03b3937d2d33a6253b82a0a39f4f6f81fd66eebf439e0d0ec0bf26ce60 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in promise-interpret-cache-final-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9605759b1020adeb5ec89f5a9efb1c8e482a5658943df0515f8cd42b73f4425 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in scorpius-gemini-ionosphere-odin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58caf529580aeb51398d73880496f218ffb439bc6ff6cdea588b6fa00681ac25 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dog-daemon-transpile-grid-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55edca587df4a61a434055376da40b0f9a67bbb2d201adc1b4ab8833d5c309bf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in blaze-transport-eridanus-singularitarianism (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 132336594566f83353e8d26153b7eaa947954f4e3280dca688c1d21777f60534 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in spawn-nova-antares-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9165a42167bfaa2160397587a1d764f3ba2df9f596d3d7bad89d935d99800188 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in materialize-dotenv-safe-sublimation-meteor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eefa120636cfd6f73b190f56220380ce77849e4a839a8559d1106992e1aa7d8a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188591 Malicious code in pavo-xenon-markdownlint-enceladus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b73f8ab6723aec7e50b5b9f873fb31ab31825f1fdaa756acdefbadc5f96ca02 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...