Malicious code in comet-parcel-perseus-postcss-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector adf0ffe22d6274e2d68cbd8b7e0137a7cec73c28d054414aef976087863d26de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in charon-inquirer-bellatrix-global (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a45ddb73e1ae89fa61983ff99b6536cb6dd6cf474fb310c407b8cad8b5533fb1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in callisto-cygnus-supervisor-blitz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b7899891f8cc925ee20ff0796029e82e650d8e993a8700427c6e262950b1045 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hugo-cassini-gulp-flare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d0cb35f2bb29d0c1fd0f9a34a1c8da3a37d641f3a35dd31b92417b2bb7f8b02 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in aldebaran-fetch-node-sass-koa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2879d3def66a72ef1d6909f23252125f3bc1b2ded6df7f86f4856c3ce31a567 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in antares-csrf-ignite-bunyan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acfd3b91a49b333d4e3b551e825ad73ebabb48af5696ee496404e652d6a1ee9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148587 Malicious code in test-winston-eleventy-elara (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3789da716c8a1be224410add54eccc97e3ad9bb5561c3a3d9326e119826c914 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146377 Malicious code in polaris-writable-nova-polaris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 290e7f70c796def7185fa4a8d664bd0af8daa14ffdcd7d1cb949db022ff374f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142687 Malicious code in framework-mysql-regulus-element-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4713f90c44e813de6e1ae468be5e23ecf7228066c5cb246888f727377943d601 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141443 Malicious code in dactyl-galaxy-quasar-uglify-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86057f9e811638ad1ceaecfbf45565c63cb2d6021f27fd1e67c878f87e002e19 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nuxtjs-achernar-sadr-phoenix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca69bed6f1ac5109bb281b861bd2e93d1e31ed3f606518daff1af52293e8b111 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in public-antares-publish-neptune (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 442f698cd7eebc7094f442dbfa1c98b3bec319e5d6970fcc71409972471deacb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pino-uglify-js-uninstall-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff9e617966f95f14dfc7533b56c77f9f8aead0d58a5ada8990958634402c7bca This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in prettier-ini-babel-mdx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36b566f92ee775fdadbe70403772b8454710e9712622c79844d941ad37fd3875 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in restart-helios-metalsmith-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53eb87ce92ab285b72ad75a25b3357183a98accf962cb853dcec26bebee2f932 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in antares-xenos-fornax-forever (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36082075eac92799bc35bc96d11c348c8e7c0aab61e9f5a9c5d394fbc5d7821c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in oauth-dotenv-safe-sagitta-postgres (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b2a9426c6344cc12dc0c13201ef225ffc7651bcf98aca5a8f8fc981a1464400 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in radiant-vuetify-pulsar-xml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd5c4b7e2c2de1ea070292038e89f90d1b8687fb1eb1ead236ee6a082436ce7e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in registry-server-jekyll-stream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae00849917075b7ff0a50029a91669d6550d116557fba279eb8d538fbe4ef6dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in duplex-galaxy-postgres-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e258dc5e9b5fb277fc19f420f2898fcc42e171ed175cd5bb214e6b80bea57e01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...