MAL-2025-148586 Malicious code in test-umbriel-postcss-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7653aca1f1686de272649e61e1bde312c3bf99f0ef8ab440834e77b4c521883a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142755 Malicious code in gacrux-chromedriver-cosmiconfig-markdownlint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f882b9247107fb64a948c02c6d307448b291c19157e87e972e947643ece1623f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142791 Malicious code in galaxy-materialize-morgan-meissa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01266a13930e2fd4fb31b7403bd93427563c148b3eeb6de69a97234b2cc97101 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145825 Malicious code in ophiuchus-kinetic-development-ursa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7cead306982c4e53b259b7fe60ba0baf7a14b6ea52db778371e3b45751817ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149005 Malicious code in upgrade-celeste-subscription-avior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1564bb9d0715008853e1d1e6481753b878a80830a3c8fca82c3f2ed71aeb9355 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141772 Malicious code in dotenv-safe-protractor-bellatrix-janus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8193c16d4b5afbfe238ebe608716ba96c5fff7255b801cd103a6d0ee39f61375 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140673 Malicious code in changelog-library-morgan-build (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55450bda6649eced55284a2e5cb1d17294f7d951afd2040f864d9af5c7287948 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146391 Malicious code in postcss-loader-css-minimizer-webpack-plugin-achernar-barnard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfd5bb703b8e57411fa94222b918c4cd6f4d263eb9ae29e98c2aa60912ac969b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146173 Malicious code in phoebe-publish-gemini-kastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c346999cc24172ed14d568998d9240bf3ca1888626c6c643f1881bc8aba87b96 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145398 Malicious code in nestjs-local-less-titan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a585851bb7e48da08bdaa215566063a5c8743693cb1a4763381e603664cda19 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144160 Malicious code in kaus-vuetify-deneb-octans (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fefb79e2456ee39eaac3f8098f9bab91b03aae22ed83bb9fa8faf7cff8769ce This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140150 Malicious code in buffer-achernar-winston-triton (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a565a391c2111e7bfc57ebe2f777db3411010b05f0da531578022935b325ea29 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139618 Malicious code in astro-test-corvus-impulse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6382e0cad627d040444c87f7effe7c6a89f01da98d9d02c5251e2f3881960d02 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147718 Malicious code in scorpius-uglify-js-grunt-mdx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa7bf0478efc3b2a9cce6d79cf93e4ccee6ad6fb3c74baa90e251c8477bf18ce This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147041 Malicious code in rate-limiter-jwt-webdriver-mocha-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1e04d7f7b551e7e6f9fdb1556df939ec9d20f1e327e2f91aab3dea5792b6d88 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148282 Malicious code in start-stop-terser-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c51be2fc585f72ac5e1c652ece518c196302ce3e5048abec0a7233a0cdc0b4fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146377 Malicious code in polaris-writable-nova-polaris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 290e7f70c796def7185fa4a8d664bd0af8daa14ffdcd7d1cb949db022ff374f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139812 Malicious code in await-venus-oauth-deneb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12768900fb6531d21a6c7d38c5d1cdbfe8e4317e241ff500685713b38f7aafe2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149184 Malicious code in vortex-loglevel-deimos-webdriver-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 269a15bdf3c8662d095749c92ca6e42d874ed013fb01d41651bb4bba8068a36b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140068 Malicious code in blitz-zenith-flare-hapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5457b432b98f1a1c93c0545fcb9a402ec65ced668164a76265adace81149fbe5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...