Malicious code in fornax-html-webpack-plugin-child-process-rollup-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87c748f511d4cd75bfcc08bada27b0c236b32a30a0db4a112c1e7c76ce1d6510 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in blaze-uninstall-pino-pretty-nestjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 012e1dd3b007039777a4a2c814e875e70312f0522f0beeb3372043b2aa4c8566 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in taurus-castor-concurrently-nextjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6fe561439df87bdc121339b0b1da0ea314d89fbf61cc470407caebb67f86795 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mongoose-firebase-local-uglify-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ceadc074463bf36701cd49c234869395b1d563165730f2883014fd0532340a24 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in socketio-eslint-koa-typeorm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc3f0f58d2f73595ffcb105ce5fb3977d91e5a5c7bca9d99dd92da82d2923b8e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mdx-rimraf-subscription-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3ae0dfc03d7ef3da474f94bfe9820f5263c24effedec038236376a4ddf6da29 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mongodb-csv-hexo-kronos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94e4d05be8e2ad6f4fced8582bc9c7f7ba53cfa26c1b58a82d20866775f2c102 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nconf-backend-comet-phoenix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9af761dc5140f525098aed3c47cc1d795a86700f2c528c418a56ec570d847fac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mongoose-andromeda-janus-chai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0a74582e07ba3cac3a682590877158bd44f994397731036233950c92b4b26f28 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in semantic-release-fornax-xerxes-command (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccde657a05676a3e3b9f919622689ae943a012f86450f132569c5866c8e60b78 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lyra-leda-css-loader-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6b65512863f456afde79316705ac47d3730e71049e0ea42f9e6941aadc0dcea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ultra-dynamo-foundation-install (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10b3b669ae32646ba1904a37fbdc812c5d0f58c8de7e5ea540f79e65395d1991 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sync-pulsar-child-process-gridsome (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eaf5acc9aeb09f39172e1ddf5a42d3c2acc0f8f2bb42d69a683d266971cf6452 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in module-polaris-scorpius-deneb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2d7bb7acfdcb632979fc61f489d317fb02be5a72204d7cdf76e8f71b46d146fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in meteor-sedna-markdownlint-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b24b23272bb9a9b6fe57ada512032b74918ee0417d5834f858230c532e1bc667 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in miranda-ariel-metalsmith-css-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0edfbaf3006b6027e406e19e8a4d6215add69e23c09a4540decae8c630303be8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in backend-ursa-achernar-react-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28154fb6cf14fc46227c7074418385889b26097c09010124f744fee0a02f2dc6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139812 Malicious code in await-venus-oauth-deneb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12768900fb6531d21a6c7d38c5d1cdbfe8e4317e241ff500685713b38f7aafe2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140361 Malicious code in canopus-kastra-arcturus-phoenix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ab672036f622cc17403edf366693566cfdad9c4ddc1cf8820ab62c4cd78e965 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148587 Malicious code in test-winston-eleventy-elara (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3789da716c8a1be224410add54eccc97e3ad9bb5561c3a3d9326e119826c914 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...