MAL-2025-147387 Malicious code in restart-octans-kastra-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afb07606dd886e1bdb0d5bfcbbff59795c376489c1df9985da7c1ba407f7d97e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146553 Malicious code in process-init-ignite-regulus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2a7d7a22bee9c6cbc25e4eafaa2b8204550e9878e62c1a1daa58a95ef584e62 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in graphql-webdriverio-husky-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce5148b0a76281c79123cbe77e4c2e9157b06d62345dc817344997543ac5c6b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polaris-aurora-mensa-cluster (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 314a9b30e500b1aa27850cd7078ace3a9ca58b62ef8ef1925f4b3e585475f6be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in run-script-charon-rigel-koa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6b81c14674542e9356c3817bc7e5d57607720d23252ff3006a97b314cf0b872 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147730 Malicious code in scripts-eridanus-duplex-spawn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cc40e9b3651a910d7a97424e0a6b2f9dfb784f58b1ac169adad47c54b88f1e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139289 Malicious code in algol-aurora-uninstall-public (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e26acb818d7d6462dc6b7af9a975034aae6a01486b28b5de249c943e90eee21 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in express-delphinus-odin-phoenix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d12de1692a296b43888026ae5f4cf6d26cb58c03051a26680bde2d2a9829708 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141169 Malicious code in corvus-webdriver-manager-vulcan-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5135e94b844719cf58de133a7f391313a0e7400a94f34c8c5c86d4ec1814d2da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147742 Malicious code in scripts-pino-event-regulus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 128e90a0f35a135ee0249d752b33a18aaea7dba4c4b0e42facd5a5fc7438b978 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139786 Malicious code in avior-solis-grus-run-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e1bdfdc7bb97c3e6f4552241ddd6ae1a7be05ef2b820b1547391c9765a70c08 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149638 Malicious code in xanthus-stop-antares-carina (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24aff18b7ebab6c38ebb608d171a38a0950de81bd26c3a9d4c476745990464a6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141603 Malicious code in despina-ora-jekyll-neptune (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b501de8f1360e66a72f590aaf705c1d3fcaa02d6de0c93e9334b191b2e1b00e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141488 Malicious code in deimos-aurora-electron-unuk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84e10a38bcf028cceb598cc95ab3b984714b62224cdf73e92b6551b32bcfc448 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146034 Malicious code in pegasus-helios-bootstrap-meissa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 443c660eeccc84458663b73683dd4f9945a478b35f6e205b836a99b218487f68 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in corvus-aquarius-sagitta-forever (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a2c5f0435131752da2bad4f7665defc92fab4cab7d0cfadf82a1fee411e6acb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in development-ini-start-epimetheus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4617475d964864836f5e94abaf991f558e3dedca1e65661637a22c5cb9e884be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in procyon-castor-rate-limiter-europa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8b8d5eadb862ab0380ce00e88203c061c6c85618af21748e2e962dd1ef25b5d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gemini-indus-chai-public (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a640f3907673006d43312fd214e58ae21c5fce51c501635b7586b270b94c1416 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144590 Malicious code in lynx-csv-bunyan-repository (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d80dac0922caa37c040c9a8061b3fcec592a3beafaef79f46568ce80e1d71e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...