MAL-2025-144608 Malicious code in lyra-grus-csv-dotenv-parse-variables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e23074145049a720e304aacae238b9e6e91e6e85a207ebbd06a7a074a4f7fa95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141809 Malicious code in duplex-galaxy-postgres-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e258dc5e9b5fb277fc19f420f2898fcc42e171ed175cd5bb214e6b80bea57e01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148282 Malicious code in start-stop-terser-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c51be2fc585f72ac5e1c652ece518c196302ce3e5048abec0a7233a0cdc0b4fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140030 Malicious code in blaze-release-it-cross-env-yakutsk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 035760773f3f844c226c558569ddd03e46481efc0be79bcfc58a3adea2384f53 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140928 Malicious code in commitizen-csv-impulse-wasat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce9b3fc630c93a6b5abcd841a0ea99789e5e3c89feb5c01aa57716144c2665c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147777 Malicious code in sedna-mongoose-mdx-taurus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f685c7f1a1ccbaf9d2854a73087c26e670062432dfb5c8300287384444aca577 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146816 Malicious code in publish-start-mui-nova (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c753e9b5f17f02656f2a537db53ead0d5f94e89644dc3b25a18ad0035a7845b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141977 Malicious code in element-ui-pino-pretty-miranda-adonis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b50277e8503056daf632dee3b6f8e95f0bd81b20434b0d5b3fdc14f87eeb96cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146377 Malicious code in polaris-writable-nova-polaris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 290e7f70c796def7185fa4a8d664bd0af8daa14ffdcd7d1cb949db022ff374f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148046 Malicious code in socketio-buffer-version-luna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 517151a6ccede16b7c4c18188be61ff22d3349046b3dfe886953d1350134bc0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146425 Malicious code in postcss-xanadu-test-mira (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 829bbcc100b6a0075043e2dbd7df90af59ab633374fca956c513e20a11fd2a34 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139995 Malicious code in betelgeuse-octans-venus-miranda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33571f015c46e84fa6fba8638064826f599bbdff229f5ad4a15ad7405eddb455 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wezen-gridsome-odin-husky (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19091a2914c2f8bd7d09ffb63692588d7e84837374a86370809181c64fa1a889 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in antares-cache-andromeda-dotenv-parse-variables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a69f1e0e67e5d014f4810d287a413d9c3f360df647b2978a8a65cd71af5f0a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in supervisor-miranda-despina-supervisor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 419a8fbc6fc410da36fd23007851d4f52fe1bb11898f8c3f8cbacbc2e24103ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wezen-airbnb-apollo-nuxtjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 497b37af348964b032eddc3ce59b194d73d50bcef3f435254bfc827f0218a106 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in writable-umbriel-betelgeuse-altair (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49aed667d56d8cc8885f4af0fcabcf078c4098c9b6ba017f25d958cddd56a802 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in achernar-eris-halley-wolf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb67b048a0c6e8814eae9316db3934da6078e2a0cd2b8227ba096492e3f4d96d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in antares-xenos-fornax-forever (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36082075eac92799bc35bc96d11c348c8e7c0aab61e9f5a9c5d394fbc5d7821c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in apex-charon-bellatrix-npm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d45efaa2137362f3875d3d485c2cbe47b7af8b35490c7f6d3da3eecf4e1be69 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...