MAL-2025-190369 Malicious code in xenon-comet-xo-quantum (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 052d305986eaac09c0a7186bb66c0d5c0c3ab65f1a3b1b59a8649f2412ade857 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189741 Malicious code in superagent-planckscale-prettier-transform (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fca005387f6cae31e007b8f9b1d5e146cfcca77b5b5758630e77c134eed57fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186332 Malicious code in cosmiconfig-xml-rehype-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c337d51a5afe782ff83bde8f55685686a71e8d4b23d52af00c64f247b76db8e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190467 Malicious code in zephyr-mongodb-wavefunction-pm2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb6455e842bfed2e45795b6fa4955bfa999151b2b9d2cf8678f31179f7a042f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in deneb-parallax-aldebaran-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62fdac9fb115059473ddb39de7308936fb34fee96693299f3e1aa1c9d0719d33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in helmet-geochronology-rigel-sails (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d371d95824a99bc7c0274912a47abb83388ede4bef9957fd5ccc6581349b5988 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in resolvers-forever-mongoose-multiverse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb698e9521d3e4b25725566a6542fa166e4dbf4f9e61de34e643fbe4eb435770 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in abstract-decrypt-async-public-phi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51b85be1c1821e69911d086ceb1086440095d3c75414a4be0d017c6474f0df12 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in aldebaran-halley-eris-rollup-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ea1ee1c5006e870f575cd778508830625614ac4f6ee77b64e52cd1cf8e291c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in array-public-code-async-decompress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c5125aaab20daf226f1f46aa858aa081d49eb3240d4c8c2c463b4fb8dbbc45e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in asthenosphere-package-eridanus-restart (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00a85676bb495d8b9d6410743d9ad84b8230bc3881bdbc72bf79b065f1db8ee0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in authenticate-array-cluster-mock-import (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad84b36cde33af206233558b2f96f5182a2836be13c44e5c3ee34f9e9e69a6a8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in awk-encode-good-byte-uglify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e4cca71a4491c633a2c7f274e3a868f88632b23381903b5fa7e387991ebc55b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bellatrix-local-puppeteer-epigenetics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4a6d6dbfd6ed566627b43a2f32125740bc5874194d00ba5e1b805d7c17f74ad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bioinformatics-async-wezen-quasar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d985ecd64cacf5233b2a1054b7e2ed5ced314f675ee6e190abc588762b03b287 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in byte-root-test-kappa-sudo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9828a39584b83c1b225e4838169006453b25472c92126df3386cf377a7da123f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in chalk-mui-neptune-cosmos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 136b3090f7d6b067b36297ef6ebb55a84557fb83a4e61d63cd6cefe4a117bd14 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in configstore-mongoose-interferometry-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f133636e2272bb0b65af2b3b6e3d879ea3d585e9545d7aef5b0a04e987ed663 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cosmology-levels-terser-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 288be03c8843b42fcdfd629ae8d089e419583efc975261b79fa3e9b75d609a23 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in encrypt-meta-authenticate-log-string (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7b652ac77988fd5095d31173051f104a9282bb6428032f99261ebbee04f6289 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...