MAL-2025-141705 Malicious code in dotenv-csv-jekyll-soap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f602ea5a4d3e70788dc52fbd3fcfd4afcd27d68f5d379ce7818d10fa011db3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144044 Malicious code in juno-webpack-ceres-mensa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 489f77539ca50b4cd121834f2c9ffd7d72dc229c148b983939f45728486a3dda This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140303 Malicious code in callback-package-apollo-chariklo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 629e16768c84e6856bf6028a33cbfb8789a89d5023aad21cb7224dddd26e1eb1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hydra-canopus-subscription-fornax (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62b87c7c825a2db18e8c130977e889b347093d1698c32df204faa36afa5165c2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in socketio-sedna-centauri-atlas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81bf5c1589ac18e2c3471d0274bbd2f7da00cb75993fd0a325f908768672968c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in buffer-levels-commitlint-config-angular-protractor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac128b29c04901328bcb6420c6ca7c26bc5e847daa6dc52991d4dc227b7dbe23 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bulma-mutation-server-ariel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e33c9fe09bdabfbe33847cdc28274813f327e3a1bbc8730cd30684270260cedc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in chariklo-pegasus-ceres-procyon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38cce7f7f73b27d1ed49505cebba1b4895214e8d3f89254d23015ae6620fd55b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cz-conventional-changelog-transform-kinetic-slidev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ac90554ba04c26db8c766211102ee31b9b49ce27e14ea6f2e29a5a1bb870369 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in enif-meteor-protractor-cross-env (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d280bc7059630f2c2989f4ae50b3817b2c915851150845a4b67d6caced3bf3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fomalhaut-phoebe-mocha-miranda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f0c65dc66483e97c54b8468b7f9233fd0f70b6e6e03353e421697a43a22ca46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in html-webpack-plugin-hercules-aldebaran-electron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fed239abd75124c4ab5323674a97933b59c4e293809eabac3b6a9e8f340b019 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jabbah-semantic-ui-development-development (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector faf9fa3d7871ff117c6867a82a58910f6a7327fe7bafcca683eb04b3bf6f4dcb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in kaus-bellatrix-async-astro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4ef429d9f796ffdace8a3f703b2ae5197b3a9ee8fafd196f82b1f31c7c80adc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lint-staged-library-fork-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 599e178fbd7b06563cee8ffa42611bd250dbf206a67592c620ac211ef0d23d4b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in metalsmith-xml-thuban-winston (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94f60078b97cbd0fccfbf8cce00fe77723c5d62b3bf09c43ef64de4ce5da2320 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in module-polaris-dactyl-cors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8a72463d4d1200e3476f7c45575a7a197213739bf5954a2109210a8d2d91f40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pegasus-antares-hydra-phoenix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebf4eed890ae6762a203cd1c723509b3f4c0d85ab699e8529f69ff62267e9489 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in phoebe-webdriver-mocha-dotenv-safe-nebula (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4741cab512695c1c5578f08e6536747101c2e0fff2151fbfe86c9ec962f7f78 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in spica-andromeda-loglevel-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62ee7b475b2f16de2e6e7f62b3abf6ed1d28eb1e3edf099e0649c2203bbd9fab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...