Malicious code in gulp-nodejs-bellatrix-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a51c5af9497d648c837690d26c1883cd6827d6a576e08da0c2774ab1f1c3bf66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nodejs-frontend-sync-command (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46ae7bd01528ae4eb0e9b0708506f1ef7e24e2a6f8bcb754efa14557a29756e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in parcel-scorpius-mdx-umbriel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bc7a21c4963dc60ce68de9cc69056a821e1b943c03d0a1cda2e6c27e06d667d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in taurus-exec-javascript-repository (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdedd5376e6fe1861b11be01534bfda0c690e573d66adc4218268940bdf545eb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-112223

Malicious code in javascript-scorpius-global-framework npm...

EUVD-2025-121832

Malicious code in spawn-apollo-envconfig-jabbah npm...

EUVD-2025-124291

Malicious code in non-blocking-vega-jovian-csrf npm...

EUVD-2025-123163

Malicious code in public-gatsby-figures-hugo npm...

EUVD-2025-112230

Malicious code in javascript-nightmare-lint-staged-transform npm...

MAL-2025-148501 Malicious code in telesto-release-it-google-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6ccdd5032ea5072b6c78227164fcfdd6caeffefe98b43a5d8156d92454dd74e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-122927

Malicious code in quito-javascript-achernar-wezen npm...

EUVD-2025-112222

Malicious code in javascript-stop-solis-magellan npm...

EUVD-2025-122253

Malicious code in sass-loader-gravity-draco-miranda npm...

EUVD-2025-115702

Malicious code in carina-centaurus-blaze-terser-webpack-plugin npm...

EUVD-2025-112235

Malicious code in javascript-dotenv-quasar-spica npm...

EUVD-2025-111283

Malicious code in meissa-semantic-ui-javascript-webdriver-mocha npm...

EUVD-2025-112234

Malicious code in javascript-indus-ceres-ophiuchus npm...

EUVD-2025-111203

Malicious code in meteor-google-jekyll-query npm...

MAL-2025-143876 Malicious code in javascript-await-upgrade-venus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14592802e63f3973ef3ffea2ec15e4d1dd4b08a23406db7faf7b24ee39c3e473 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-112228

Malicious code in javascript-pegasus-chariklo-standard npm...