Malicious code in transport-technocracy-geomorphology-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 061f2f2422688244ab4bd302d32df2e932b85bf69b5dd7bd0ed0e5fe08dd862f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ultra-html-webpack-plugin-zenith-quito (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 854f44ca4df072d11c0a459bc99fb7561906493f41e538370f65715dcc2c9d5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in user-benchmark-omega-benchmark-socket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 695b5fa53b0ff23c05d1405285ee407040eee45a0bfb4eb1018bc5bc7f8652b0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in virtualize-kernel-string-cluster-mu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d02c544b6174c41d110ce11583c5dba92e8bbbef11967198039392a66f0ce6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in void-oberon-supernova-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1662dd30a3bfdab50f06631023e83a010a07f87f264297ccff4a1f470029289c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in webdriver-manager-ethology-kastra-biotechnology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4d50f3fa880cc105429f154e2bc09e5b09429538db303307688c9609ca30e2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in webdriver-mocha-isostasy-arcturus-eslint-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d2f393ecb95e8e9f5f3425763254c5601275e09c6da401d019ce63fa0756169 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xml-oberon-axios-neuromorphic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d055296cad7864006fae38c855357f3989b269c0e15811c27891d9d0a2c49d60 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xo-sequelize-thermochronology-resonance (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e182fb3819c16f6cc287c32a13afaf3df0329fb225a9f3c84ac6513d88660bb0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in draco-terser-webpack-plugin-hermes-corvus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cfc47154389db6b336180cea32210fc4d2ad1ab645c023aa1af51c7d31900f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in achernar-oberon-lint-staged-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01fbe5fbc07c10352f1d16b4b7e9d07886575f92405b0512a75a06a0655b6367 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eris-umbra-dotenv-scorpius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7dbf7714f75abefdecf0f36cce8d8391b67049c271697d541efac035b1b66ae5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in commitlint-chalk-eclipse-init (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b08cb43ec4ac2e4a214da7f273798b819d8970ac0a947c0225b6f9a4d62c83b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in config-cross-env-nova-bunyan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eec2e3c10bc0dfd078bb269217828be6878379754bbd7321847eb20ddb238aa4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in borealis-hercules-ora-lyra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9629f8a43475f540dbda3704d798a24991f7120a96a82ddb110b11d79e356e1e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in process-simulate-parse-integer-wind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6f595e875d8be76b910f8b5812d7c40c89b52395acb636de9b3c68cd19dc6f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in phenomic-loopback-rigel-mechatronics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd2c60808f9819379866cda6ffe21efd73b974a445126a3dbefeaf8be4e60424 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in chalk-paleoclimatology-dependencies-parsec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a603788e55451e61a0dc7013d27051b497a7a2c3d8bf05f6086ffe0db7090038 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in star-private-minify-bad-compress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c073ea8c71ff7c1c682370bd5c071b312cff6ebdf04d0b7966fe8d9f0e529a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189240 Malicious code in rigel-toml-meteor-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb277329d6ab2c16e35a5db9786b3b32d0cc5ff257df12232dd1afb5ee4bb67f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...