MAL-2025-188720 Malicious code in pipe-grid-byte-old-array (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 707c043a8df19e2deb325b85449d0ea39297d0bfab853cf484146aafbc444bd4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in run-script-sagitta-pulsar-alphard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 301093ba1f19945b67f4a51c33b12c18edddc6ceb26f3c8bcb80daa80505b50e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in testcafe-miranda-electron-umbriel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6dc56bc034bb1eb4e4b4fd3fc8d7db620ba01d5807f3200c1c40cfe1f26c695 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186904 Malicious code in exoplanet-izar-superposition-style-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 886be052250c8da22409a509f63c9e24a06168838b56a8677333e16aa414e897 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in transform-galaxy-writable-slides (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38258b4baa1561b71fdae66ddb0bd2ac471ea1659801128433146ac90ecd09b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dotenv-safe-nodemon-ariel-petrology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0dd10bc2cfa24ccde592a913acc6858967290e29bf81dfa4d634d6c08921764 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hexo-interstellarmedium-spinner-less (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2d056a5ff5a98aa34e68337b4e80e0fe26986ecc5cc6a0b376e60bbb1dac07d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bellatrix-child-process-playwright-geodynamo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2930943f9773ed3a8e0e8da3151f56613a8f80e333398f6cd40f7d89ac3f9b05 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in finally-validate-spy-transpile-scale (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9042f0ca03575eae11d95191fb56e4a493c9d9cc6f78b44ff5664df90a5eae0f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in item-atm-kujoloi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8455fd4274803044fae51d2b3b49fdc3f5c34fb4e1fec7c2b7fae9e768c5cf97 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in astam-if-dak (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e92b934eb64c290922be554dbe6bad2d27b149bf93cfa109ce32d1a2709cca6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sonec-kat-fiugafav (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f16ec554d587a5d1cd5dae8554c1cda2b5b4994cbe52341c9cbe53a09d4bb362 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gocay-guga-visi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a1f20bd9cb0bc58e595f39c6399bedb6b92035d94ffa79e7a77d6889d61b1b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-184339 Malicious code in modiov-kifni-ufbaceuiacx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb81084814a3a38ce459fd2b660ce3bf6273b24a3ff1e241b43f7354c56f5433 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-184556 Malicious code in mugiy-ajoig-daitajk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a952cf9282e23a08ba9ff19ec953ca1b27cfe4abbaca938ea1ae685dc09f47cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mitokoik-oni-oldis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3938b2f5e157a209e749ffff3023a3ed5c36cf832e206fdfd99c5fb955e1c7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-184438 Malicious code in modiov-kin-afbaufcaduc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df13d2e7a158ab173f2f9e7025ac07dc1074386e8cda94a003fe3e72b0688f86 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-182668 Malicious code in inda-fodija-gifa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c953286fcd70a0756dea610a4c9bca92968c65f876272a2d7f937761f4c5e6b0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lobac-ub-jafgfubaf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00c1fa36cf6fd7623b6ffd107880c178783ae951fd6461fd31b2492655482ad2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-184007 Malicious code in mitoko-on-lak (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88ef4ce4cfb8503732d7b438282d17e82f2419905c4e011cf50294ea71ebcf8b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...