MAL-2025-149571 Malicious code in writable-karma-kronos-run-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fdb358fc9ebea40fbbf076585b22fed306191058ee9233a9abe101fbc18c1da8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147863 Malicious code in sequelize-convict-wasat-antares (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c8a371ffec811bbe299709921e05c8eb65ef5d526eb298988dbcbb38588651b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146047 Malicious code in pegasus-readable-request-sails (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8937ff6041de5d507174ef62c688dad04838d26846a186dbe6f7ddf944c3ff94 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146077 Malicious code in perseus-colors-schema-enceladus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bee6fcebd73680a62ed9f99126853217c03c9c567b7e59687a3212e50d45158 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148282 Malicious code in start-stop-terser-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c51be2fc585f72ac5e1c652ece518c196302ce3e5048abec0a7233a0cdc0b4fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148586 Malicious code in test-umbriel-postcss-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7653aca1f1686de272649e61e1bde312c3bf99f0ef8ab440834e77b4c521883a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142461 Malicious code in fetch-virgo-pegasus-phoenix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccd32cdf50e098d0e2c2077c240e4daeb39d7defafc0a8c6f4ddebe06fe32de8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142755 Malicious code in gacrux-chromedriver-cosmiconfig-markdownlint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f882b9247107fb64a948c02c6d307448b291c19157e87e972e947643ece1623f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148262 Malicious code in start-avior-node-config-zephyr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67b94b90f7b87c9bcbf8fa48442a4412439280a7051468f929eb40ad950469d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142218 Malicious code in eslint-fomalhaut-lint-staged-meteor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb105ce95665918097d4d61401177afe8ca59a34d9f9753e8c40e94ae07b8d54 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145825 Malicious code in ophiuchus-kinetic-development-ursa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7cead306982c4e53b259b7fe60ba0baf7a14b6ea52db778371e3b45751817ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139278 Malicious code in aldebaran-gatsby-phoenix-toml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35784680b56a34e605ce149c9cfb50e108268e0841aa302c3aea60dc7460f7dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149522 Malicious code in winston-procyon-norma-xerxes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d0a7b8a2c352bbf7bae65cdea75bbfb5e043e5d4200b05dbe0ac09a2a07df52 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147943 Malicious code in sirius-config-npm-restart (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08bf75866116c886d6513c5ffb9d715f6f54cfd7a6980ebb2a1aed4dc2c7056d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144608 Malicious code in lyra-grus-csv-dotenv-parse-variables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e23074145049a720e304aacae238b9e6e91e6e85a207ebbd06a7a074a4f7fa95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148587 Malicious code in test-winston-eleventy-elara (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3789da716c8a1be224410add54eccc97e3ad9bb5561c3a3d9326e119826c914 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146377 Malicious code in polaris-writable-nova-polaris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 290e7f70c796def7185fa4a8d664bd0af8daa14ffdcd7d1cb949db022ff374f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142631 Malicious code in fornax-loglevel-xanadu-jupiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f4564c10a88dbb40742a117cd51e90da16d563a33c2464c01b686df5490cb33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139812 Malicious code in await-venus-oauth-deneb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12768900fb6531d21a6c7d38c5d1cdbfe8e4317e241ff500685713b38f7aafe2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147718 Malicious code in scorpius-uglify-js-grunt-mdx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa7bf0478efc3b2a9cce6d79cf93e4ccee6ad6fb3c74baa90e251c8477bf18ce This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...