MAL-2025-139618 Malicious code in astro-test-corvus-impulse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6382e0cad627d040444c87f7effe7c6a89f01da98d9d02c5251e2f3881960d02 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149571 Malicious code in writable-karma-kronos-run-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fdb358fc9ebea40fbbf076585b22fed306191058ee9233a9abe101fbc18c1da8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146077 Malicious code in perseus-colors-schema-enceladus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bee6fcebd73680a62ed9f99126853217c03c9c567b7e59687a3212e50d45158 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147863 Malicious code in sequelize-convict-wasat-antares (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c8a371ffec811bbe299709921e05c8eb65ef5d526eb298988dbcbb38588651b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146047 Malicious code in pegasus-readable-request-sails (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8937ff6041de5d507174ef62c688dad04838d26846a186dbe6f7ddf944c3ff94 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149522 Malicious code in winston-procyon-norma-xerxes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d0a7b8a2c352bbf7bae65cdea75bbfb5e043e5d4200b05dbe0ac09a2a07df52 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148586 Malicious code in test-umbriel-postcss-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7653aca1f1686de272649e61e1bde312c3bf99f0ef8ab440834e77b4c521883a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144291 Malicious code in leda-rollup-mongodb-heka (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e8e055ded6c374433931709e21ef5dbbc32dd336f2b829628a9a9e900854e5e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146425 Malicious code in postcss-xanadu-test-mira (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 829bbcc100b6a0075043e2dbd7df90af59ab633374fca956c513e20a11fd2a34 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141387 Malicious code in cygnus-umbriel-inquirer-rollup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c0bf2ab43841e4c62581daea5b6a0f8e07b10b3a8a9717077ae93295ea710f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lyra-hapi-airbnb-protractor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c65055bd97dcce6cc8bccd65bf096b6499772061ed4af24b831f79df372a16f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142631 Malicious code in fornax-loglevel-xanadu-jupiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f4564c10a88dbb40742a117cd51e90da16d563a33c2464c01b686df5490cb33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140361 Malicious code in canopus-kastra-arcturus-phoenix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ab672036f622cc17403edf366693566cfdad9c4ddc1cf8820ab62c4cd78e965 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139812 Malicious code in await-venus-oauth-deneb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12768900fb6531d21a6c7d38c5d1cdbfe8e4317e241ff500685713b38f7aafe2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140409 Malicious code in carina-eslint-plugin-async-mui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c48ce8ba7d435958b6830b6a8a7fe21a24780cd82d392645324548f91b988f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143274 Malicious code in hercules-ceres-jest-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 968504ba2b4fd0f91b0925a1a6f37f0f562d4535dd22ce439ac50ad7e2326765 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149631 Malicious code in xanthus-middleware-sadr-winston (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09af82f20b7a6de853595819e0521d588df0f7565fbf974821cc4b6309e5b000 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in alphard-writable-enceladus-webdriverio (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ccfec4d2517dd03a12e8231fd31bc5c85ea5a4dbd11b1c6f704472ec91ca385 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in semantic-ui-convict-centaurus-husky (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 177cb7690e3257e51d0d35be4fdaf3f3035da7d9eb4de02ddd3373e58cb79f5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147122 Malicious code in registry-csv-corvus-mocha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f8533a9b1ca45fd27e66682a0d0a0ab2095d395ab5a7b5b0e0ec55e3c98200d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...