MAL-2025-157715 Malicious code in kuinsu-lki-kopannataiabumi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0b3149c9e60392ce7dff8edc05be73c1eaf892a9d9c586d1aba4fe14da4b32d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-116304 Malicious code in open_alpaca_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6092370c455169a99a6e0ae8133a420d900b719e73ecc540a2d15695dd4fac2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-52216 Malicious code in maman-klipo15-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 892513de5bd7ca7b54b4349ccd23a02e7ffae948103a5ba835fcb58a5e14e16f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-2630 Malicious code in @ofjaaah/jose2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ebd3f76646b8605352a4f16ce597be1bc5465c4fe3856d9a333b5975d8a0f4a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...