MAL-2025-147306 Malicious code in request-react-bootstrap-eslint-config-superagent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05c42231242daa33d49ae67eb469553c9f5a0e324dfcb03cf0c480f9ada6ca83 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145257 Malicious code in mysql-optimize-css-assets-webpack-plugin-castor-css-minimizer-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 550ccf08e3abaf7c172df12d438802d720d26d8c19209ea20c654059b77bd0d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143735 Malicious code in iota-node-config-nconf-zenith (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 776028f8550df0eb3f0612e558293396e665b35add8f207b7c3b8636a9fe1b6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140632 Malicious code in chakra-ui-webdriver-mocha-pavo-child-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27ed3e1020926010b75f154fe516081b5794dc162baab1b82a75940ecab865b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140071 Malicious code in bootes-betelgeuse-forever-xml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f642659a1b6ce09ff66cc79760e53f20dc42e315da65407b73126e5b9842d69b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146451 Malicious code in postgres-websockets-rocket-xerxes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3dcdb7f97e93a2c4c9871540388ea14fb05fd1fde3053439339b3f20b7591e8a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144375 Malicious code in library-fornax-start-yaml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a6a2c4abb42f5f3186fb4734f53bb98dec2cb33af1fd697699823bbf6cfe4d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140493 Malicious code in castor-rest-orbit-xml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 829f11bce1bd5202c40fe72edba2aeca19e4d77af75efa888c3d72fbdcb49c07 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140669 Malicious code in changelog-eris-apollo-cross-env (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 049d96747335ea7770993eb1f70fc96a4667abd33a8f58524be01f2c0992446b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142366 Malicious code in express-ariel-antares-loglevel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0274a45306399efeb99751314c5ad798fca3103e6af6cba51a2b547aa320a99 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143196 Malicious code in hapi-prompts-markdown-pdf-csrf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70611763ec0820cf06f80352089a3d6edd38c7a1491891daf9f0bd9f35c623fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in kaus-bellatrix-async-astro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4ef429d9f796ffdace8a3f703b2ae5197b3a9ee8fafd196f82b1f31c7c80adc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147965 Malicious code in sirius-parcel-electron-builder-rate-limiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d82865d2c4c118814f34f9e55544cc147c81d7874040ad365913faf99ebac58 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145086 Malicious code in mocha-levels-buffer-css-minimizer-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 890c0cae9df9cd10d926ab284ed252cf1cc4bdfdceba6c2355a481aae5936c37 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139264 Malicious code in airbnb-transform-apollo-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 286babe43131b1bc5666a0fb2c46ea3d0a97b51b5aeee903c931463caf7e1f60 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146376 Malicious code in polaris-weywot-ganymede-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 170d3e04ad289a69b3ceb68f5917088fd708a09b8b96f4ab8261e3123b32e2ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142842 Malicious code in gatsby-exec-foundation-gulp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08aaa4659fe961e104e5a69e278baf5b0518eb53c8882b3de7b2bee0c88b2e8c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141008 Malicious code in concurrently-koa-jupiter-morgan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c406a48340215dfc297931ea310432a4f8af4887c0ac52bb24dc2a6d0c56388e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143785 Malicious code in jabbah-nuxtjs-spica-loopback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14c6404a455bb29d3f9893290050e6e8982e6a5dbc7c9429a4f25827345da287 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145016 Malicious code in mira-polaris-forever-pino (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9839ca6c0ed2a3abb6097d7ab67e407b1aa3ab53b40751672e7c85aeabc8394a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...