MAL-2025-144809 Malicious code in meissa-ini-xo-fomalhaut (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dc70c450a64a22896397ed0c5c435ee915be7a5a41639f799b2c2c55782609e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149655 Malicious code in xenon-oberon-semantic-release-mysql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0928c9c81d167db71db3f299e5566b1a13b3aee1d5842453431229e9ecbcf7b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143117 Malicious code in gulp-json-buffer-grus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60f5c127955b6f819a7c29832a75f751a7060b856d48eeca69ce552869a8fd0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144591 Malicious code in lynx-dotenv-safe-nodejs-json (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6919ad399f328ce955067abf86547693652653aed9b5c770929d62db585751ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140703 Malicious code in chariklo-mini-css-extract-plugin-rollup-google (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4885d904321f1e54289c15c6b9924e8d678610816b44065f535762c4433516f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in halley-graphql-miranda-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 294a60f8bc8353187fcdc637762aa04ae29fba73de6a28272a0e39cffb15dd41 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146816 Malicious code in publish-start-mui-nova (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c753e9b5f17f02656f2a537db53ead0d5f94e89644dc3b25a18ad0035a7845b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149522 Malicious code in winston-procyon-norma-xerxes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d0a7b8a2c352bbf7bae65cdea75bbfb5e043e5d4200b05dbe0ac09a2a07df52 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148262 Malicious code in start-avior-node-config-zephyr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67b94b90f7b87c9bcbf8fa48442a4412439280a7051468f929eb40ad950469d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142340 Malicious code in exec-fusion-backend-corvus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 014d99acd1501becd1077febb9a8685ac031547e536086bee7f85daedf576a56 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147122 Malicious code in registry-csv-corvus-mocha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f8533a9b1ca45fd27e66682a0d0a0ab2095d395ab5a7b5b0e0ec55e3c98200d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144583 Malicious code in luna-spectron-webdriver-miranda-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93e4122b6e302ce6fed13782e4725c133775ac1f71e3474a36b3669158be714c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144507 Malicious code in loglevel-dorado-cygnus-apex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d20dcbe7930e4780eb2a5484ca95bfe14521c72f890429e81afc68209d96c2ad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143250 Malicious code in helmet-deimos-enceladus-atlas (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c6e531a39369437b0527d81e78bfd05af9e42257dbe3cfc838ba5a7f11ebb2e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148317 Malicious code in stream-ganymede-semantic-ui-antares (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d2d21c2aba42884dc74a9306d2b5780925eac3e6e9fbc5db65bb2e22d780c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143053 Malicious code in grunt-astro-geckodriver-standard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d1be0f2bf539ff1222567468e6365afcb79ff15bd5b2b4407cf0121b5d75024 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nodemon-nestjs-juno-procyon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9f7590f0ff3753b613157316d13bfbe14edecb65e1df69e658f416e56c691cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in kronos-antd-dorado-nextjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b8e09b76536f45aa4ef31616dc333b425d9f61069db20dbe9ec7a8b487ad6fe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rough_wildebeest_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19108e27330f7983ea1c58606bfe8b88286db86f41acf90b79117985b4756a1f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139148 Malicious code in near_owl_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae380128e7d87d2b82ad55d13198e6560306659f85226e358b62b95cecfbad44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...