MAL-2025-190423 Malicious code in yaml-chi-cloud-nu-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f23374d8415feaec69ffee45d782c1abaca7d176af8b9626e1a1ce2395eb60d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189862 Malicious code in terraforming-filament-got-dione (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0245ded8963921b58e23bb01f640b9793148f6172410251d42eb870406270296 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190353 Malicious code in xanthus-child-process-radiant-biotechnology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0772cba129a84f6a60d24186646d0488d9fea195f97e08ef3a181221632a17c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185628 Malicious code in async-public-eslint-plugin-loop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8260827b01d06f49fa980d26d357da964681809e032e0c1e4ea86afb5a6ad66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190328 Malicious code in winston-adonis-dotenv-parse-variables-dagda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f796a64813b30c1c12b1198d74b70b219329a69f9abb0697a70bb9cde818dc7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190014 Malicious code in typeorm-csv-troposphere-socketio (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e73547aa88679589280af7f97832cc643441c415a7b0c69aa00448db76023b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190284 Malicious code in webdriverio-umbriel-sequelize-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 367388f26f8901408f98dabc1ad28b7b62064486fc25c56a4c1d0405469cb2f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187272 Malicious code in halley-unuk-hyperion-sedna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c9506d8e26da1a023822ac60bbd1d414afd9ff2d27728755bfac524a22a8579 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in flights-ilutg-iduhisa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0b31c70d46bd76f0e997e469790865ebf9ac8591572d39048e0d42685af3299 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mitoko-on-lakia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e42b51d885eb914d63a3cd8c4420754611482c9140ec7d0ad58f939701cc25b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lobac-ubb-gafufb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0c27e8dfdd75fda48b9cef91946d865c73f5c24de991abd12ab8ea9050d5af4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lobac-ubb-afa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37227faef04f109d8d7ea10d274503d937ede9f361b00722bfb76df38f5b01ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185214 Malicious code in sonic-os-fusiaadog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e2784c2073485ae2b5cd89d5d067d23f8d93fdb0fb44818f97b557ba7cde626 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-183640 Malicious code in mahnu-noy-gitsogapo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f5e7e4abaa93bf15bca06857d17ded1ead747ad733b68d361eddac437bfd95d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-184426 Malicious code in modiov-kilan-avumanfaiab (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca0193fa5b27956614ea7deea4443848d080d23fe6480a9dc3663759267c510d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-183835 Malicious code in masolv-ilo-cvaginahu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bff28b98af7ac7a673d80d5a2d5ec49dd7051c1c277ec7a387cd668081d21cd1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

@akunsansan0/jorelat (=1.0.0), @akunsansan0/jorelat1 (=1.0.0) +31 more potentially affected by unknown CVE via teagunup99 (=1.1.5)

teagunup99 NPM version =1.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on teagunup99 and may be impacted: - @akunsansan0/jorelat =1.0.0 - @akunsansan0/jorelat1 =1.0.0 - @akunsansan0/jorelat10 =1.0.0 - @akunsansan0/jorelat11 =1.0.0 -...

MAL-2025-180529 Malicious code in teate-thy-sonic-iwetob (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 212a48f0ba0d1f4699ebdb517f45ef598f35e9987232b890a702802c931873bb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in teate-thy-sonic-imri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e7ae8b8550c8e0edc06f23fdf4a90233493c3e6dd38745e1fa78616541576ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in teate-thy-sonic-ekwut (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e897386d4d188e2625688ac40be3c20fc2022538945e9d0aff39ed612eeae984 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...