MAL-2025-153883 Malicious code in bitha-82 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 154274a91b069be4b696df8d1432cb83ae13d8208ab3ca28641f51f3d10fa604 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-151817 Malicious code in aiboa-mioloipe-agat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17892c1e9703e9aba5c9ed6cf0b754f823ad760449900427152c7ef8a026e53a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-163987 Malicious code in parwo-poke18 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c93a384e7a79d8162dfe8e0e84e328856a610e75315d57046141825af387e54 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-153450 Malicious code in avminh-afsa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d9d71eaac64cbf261242f3b7814c0918bf01af3b2076835a4b474eb33e4a8f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-161082 Malicious code in mutaus-manis-namad (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c372ba83f2ff58994ab8a3779ac985c0cac0b290ed5e55889c9fb2ea9c1656f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-164796 Malicious code in rinto-poke26 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7c98556e783a0f828eb1a94dc69fff38f89790eaabb6292f5e3c64d43239d06 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-163792 Malicious code in nudela-ofgaf-gafgai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0d8b8c41c74d7141d4c2c237e322f1b1e34eec753ac0501200553984cab3371 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in private-halley-nodejs-subscription (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89a15a54cc1eb0ce2d148b3ff7677e250f4387a0900f4a6bdb4e0858a664f377 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in europa-child-process-link-reveal-md (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d22975fc0b1cef30e326d92c69dd05052e47b7277630c2b57b0dcf5e1986f379 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146034 Malicious code in pegasus-helios-bootstrap-meissa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 443c660eeccc84458663b73683dd4f9945a478b35f6e205b836a99b218487f68 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141488 Malicious code in deimos-aurora-electron-unuk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84e10a38bcf028cceb598cc95ab3b984714b62224cdf73e92b6551b32bcfc448 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146553 Malicious code in process-init-ignite-regulus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2a7d7a22bee9c6cbc25e4eafaa2b8204550e9878e62c1a1daa58a95ef584e62 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polaris-aurora-mensa-cluster (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 314a9b30e500b1aa27850cd7078ace3a9ca58b62ef8ef1925f4b3e585475f6be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sagitta-europa-xerxes-relay (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71b016074ca2bf81d31113e17620b1a0ae9d8d9e1abef97cc8f872badf16e6e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in apollo-bunyan-gravity-altair (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2eacda54269d846216b2965011da9338f715414b6ca27ff630368fe01ae84f84 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in corvus-aquarius-sagitta-forever (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a2c5f0435131752da2bad4f7665defc92fab4cab7d0cfadf82a1fee411e6acb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in development-ini-start-epimetheus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4617475d964864836f5e94abaf991f558e3dedca1e65661637a22c5cb9e884be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gemini-indus-chai-public (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a640f3907673006d43312fd214e58ae21c5fce51c501635b7586b270b94c1416 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in graphql-webdriverio-husky-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce5148b0a76281c79123cbe77e4c2e9157b06d62345dc817344997543ac5c6b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in procyon-castor-rate-limiter-europa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8b8d5eadb862ab0380ce00e88203c061c6c85618af21748e2e962dd1ef25b5d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...