Malicious code in reject-book-catch-module-short (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b8b14b5a95ce44e95fff509182c83b828055877000a05d9e7b4447abe77c430 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cressida-indus-epimetheus-borealis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86889f7ce22f369521ce2fceeef29b4481464a118b534f7a620ce86b6d283dfa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in winston-html-webpack-plugin-hologram-meteor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a9afe8f4ab2829ba5b5196f1795f383340927d445f5df8c4dafeb0d41be9b8f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in runtime-stack-awk-visualize-monitor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29f5a4b7134730bc0468b4baf98a46892732f059846e6f73260ec464ed7e041f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pyxis-alphard-event-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 516651765e6ec2134077f6e0128dfeea44e2a4ea76469186f299a7daa07bf2ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dorado-development-troposphere-futurology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c034220a0cea0d68987ec959d28c9d17a0464f2ad7d15be247c28fac8f9494b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bulma-promise-redgiant-xenobiology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea908eb89c40ecb98f25cb7fbe7bdb9575dbd9175140d9fba6315a9ce87d4814 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in supercluster-webdriver-manager-pipe-alphard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85a7ac701472f75e35c202ab5cb1a8a538cbded87517bf15172d0e962d2d98ae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yaml-chi-cloud-nu-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f23374d8415feaec69ffee45d782c1abaca7d176af8b9626e1a1ce2395eb60d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in css-loader-castor-supervisor-elara (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 193b52bbac9dd8c437627cdd8702135559f279b67db8494364cbc1d7a07bfec9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fusion-gravity-css-loader-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52baf9ca8ebdb49763df8f528108db23d21f441b6cd5d8a94e2be0ad3edd8db5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in spinner-proxima-cybernetics-cosmochemistry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7452dbccf4e36bdc41bf89259059d35e9ad079945737d08d43590057286583d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in async-css-minimizer-webpack-plugin-heka-redgiant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33b0f9fca81fca86a14b33c7bfac2d72987607fea039001a9568eff34c879063 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in biohacking-hexo-nebula-non-blocking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 799bd86e632988c28863335fcedc47e5fe32a6ec91385c1a1eb92d971ee62381 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in beta-error-rho-authenticate-tree (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30cc2769230687e6e7eada5a89a33afaecb48c332be1d59dc5e4f2b0ba46f3f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nashira-betelgeuse-astrometry-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa2786725101eb80281d006fa25c4c0f3dbe25a6cc1a67c411ded90ab4425df5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in postcss-loader-install-thuban-pipe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 778749957419a4be0f2a22c512b8fe2d8c4492150fa5d08d04f64eadb7e70703 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in less-antimatter-slides-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 977610f1e6c543929e89576e9ad15e37e573ef47a03271559a2b4e72c9d549d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in socketio-polaris-restart-adonis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e80f723fb0c38fbfaf0efdc1c70d08acd508343dbd594e403fca9751fb9b1719 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186024 Malicious code in castor-magellan-halley-equinox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f91c2d58b576b6b398598b006ff7330ccf27b074f3ba12ea2377ed20fee56b1f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...