MAL-2025-143053 Malicious code in grunt-astro-geckodriver-standard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d1be0f2bf539ff1222567468e6365afcb79ff15bd5b2b4407cf0121b5d75024 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143694 Malicious code in io-elektra-chakra-ui-configstore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06ec836c25be7c8fccdbaefff9c32a7db893a66dbeab6e8597a1524652329167 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cluster-dynamo-morgan-radiant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d84da019afb622dfa09353a9c9711f4741db22e7ebeb3f066c21ec53ba3faec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in carina-antares-rimraf-sedna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93627bbc7ce4a38b5911bffd0a7a9060f9c39f63e3149eb715967d6cc7c40e6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in changelog-typeorm-ursa-europa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbbaeeabd6ac963216968ece8cff8b5e1740bff68ee18b990b5ac749e299434e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in quito-firebase-supervisor-spinner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5a09f7f0d9ead6a273ab5178cea56b022f83751858faba9668dbe82686d7978 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in schema-csv-octans-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c3ff1d427c6dc5249ebd942a1b207b0ea02860a4d1ee16fa12badf4b8206eae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polaris-fornax-betelgeuse-element-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3404c1a6247e9db097e33c1be9d5720d9c12618365536e813f891f26d2a35942 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in webpack-yakutsk-tailwindcss-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25825cc6a045d46e8a6a37b1471e8c3cecd611ebb0c739ebb6da4d03503de226 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eris-eslint-plugin-slidev-resolvers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0320e0d702a39f689225390ed9c2d557b760f8f092af53cc00dbb747f1c95c68 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in webpack-chakra-ui-style-loader-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a2ecdc1f1c9dd4e7569cd2dcd1aaadc864953a62692e919a4d01de8ecd3e943 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polaris-karma-hermes-galaxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42f90b05b302362247d64cd0c5a11bb9f4ee4e063a4a21e562f0357cc4bc8716 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in transform-delphinus-umbriel-pm2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc77480c85e2dc600bb9dd6a059ad4740573e114bceada95a408d31a4d3eea09 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fork-deneb-markdownlint-child-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba93b7930e02ad6837f30249a13d5e8d223ae7bce1c99c7df9c99223d8c22ae6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in aquarius-sagitta-delphinus-lacerta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d591d1973e0d501c44c5aed9f6e6e63246cb03c6205caaad5d1213a3263e4f43 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in phoebe-morgan-install-concurrently (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab149e6b00233a3917e702b778911be536e064049d6f4363b601405122a9e30e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in castor-spinner-async-pulsar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60a7ffb45dc2db3ff1f356c7e393e67f1de1d339af5165815c7bc65a9702f209 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vuepress-pegasus-gravity-betelgeuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2f30b9d98da16f6d11401b6e3f4e7a2a556ca0adb7e3e59cb98234cbe0a3409 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in webdriver-mocha-ceres-luna-markdown-pdf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee7a97f730f21cd4e2b8910f8c1586bab544db567eaa521c459296caeb2b0542 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hugo-tethys-mini-css-extract-plugin-ceres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7dbc624650bc0b3834c7a8d66f0048884cd10d0c3ba1da0fb8be592def28e9a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...