MAL-2025-164727 Malicious code in rino-poke78 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a651add57774e07d461650d3734ddd0a22b37924dd11f85cbe702603e00384fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-158035 Malicious code in layla-poke5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 367469bbbce07290d65898a50ed7692ad4c603e3d3df7ff0b6817a63e1ee3fdc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-150262 Malicious code in @mipta1/sura (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be5187ebb8018dd8c4e964433cda3b616c596dcb42b06c1d58c25fb00e05a039 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-155609 Malicious code in hafiz-6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed20b0af7eb17320b96c13d403409e3bf8f39d9e2ab3c40f175e115e0c3d5a46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-154288 Malicious code in dfss-nduatd-mulidao (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d17a3ca0519863beb31273a18a3e3e22153fa07e1f4aca014b911e0ab4bd6b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-169505 Malicious code in uaragifa-afat-uar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 960ba4647949de0a81fda38c010c80cafb1858ee8dbc47790802c89a99f7f03b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-158899 Malicious code in lookingan-namalaka83 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c833afa26d62bc8e78f416a19539526404105bc260ff5d2b34ecfb9f927ceb6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-162506 Malicious code in nokire-genji2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58c771dcd6dce7eb3f7ad84fabfcbb45c3850b77c08542202328cdc3e0b6ff7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-155348 Malicious code in goodmanmax9250-tight-straight (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9c913f2e6363e5bb8f9001baca018b1685b2693904bdb438356f76d7b509ed2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in jurss-gsasasd-10as (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8b49225d154d6b433ad1d0b78cc0cc591812621efd8a97aadb22473d1851740 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wolf-cross-env-markdown-postcss-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bf92b6b8c6a2644f72700eeb3abdadd149b76826d296338e032bf88f95a1e0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hyperion-janus-install-markdown-pdf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e1da56dfbaf426b14061db0d5d88f995bbf095fc244d4628fc777d9f7a637de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in inquirer-nextjs-galaxy-hyperion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27bcdd082ce996def33fdd212572b9582cbc25f6717782a182c5688ad39d01c5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in achernar-eris-halley-wolf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb67b048a0c6e8814eae9316db3934da6078e2a0cd2b8227ba096492e3f4d96d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in apex-charon-bellatrix-npm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d45efaa2137362f3875d3d485c2cbe47b7af8b35490c7f6d3da3eecf4e1be69 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gemini-mongoose-mini-css-extract-plugin-dependencies (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62ff2d997a3921a2cfcfc49b398c173f42620dd3ec2c30e47b5b83e91b550b84 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hyperion-terser-spica-element-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f7d06e1d74d0e755f921a537a0e0ee13bcb86925886eef5f4deae57cdf62524 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hydra-private-quantum-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7752eea6c390ecdad596c26d970535b56ffc581203dd983c86e96c291b7694c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in kaus-elara-relay-development (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c55997285779079206d39209f938d28c698c67eebc5704e9a8b02cafa6a34d0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144988 Malicious code in mini-css-extract-plugin-postcss-hapi-protractor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01be8cfa96e4044e64f8c668c0d1417368b0897ee88586a73bd7dd7c873c629d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...