Malicious code in jasmine-iota-apollo-postcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abb148d7fe3af5383c5182391ac79de62170ac8d4404462c54639a8bc134a119 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in phenomic-gemini-adonis-neptune (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70e473e63486e2e3fb28b1c74b916ee10e38ac8e36cf418dc8213946bf8a4a0b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eta-proxy-omicron-theta-sanitize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 236c542af2b6ed42542ff27935ed3593b1509125430b4348128a798de5c9fe1d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in subduction-pulsar-yaml-janus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fdcdd77876d0905b0625c6064e91a7bcc7cf4dd76d43162bb3a86d9a6a56da5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lyra-warp-dactyl-interferometry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0443e66fbe5e2851fc2339642f366487cc1173568243d8b77eee088e5e787a0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hexo-restart-farout-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5247e16048caf71cba989ce7d7576f498fa66a44e6060ab73d416196f8e68e95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in air-easy-dog-float-interface (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5383247b85e0c729c376c538e98461587e02a8093897571bde55b8c251dcdfe9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in react-bootstrap-phoenix-janus-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bfaac5b13ee3615038f009dd8cc5708e1733b833f6322bcab514c56246a82d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gatsby-await-palynology-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d70de77bf70ec7002d967b917e7a999162d78c5472219f6ee6d07e7dd73baa80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in meteor-meissa-airbnb-outercore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f90614fd54ad4b93ad60971086709bbd736fc4d959596cc79df4ddb78e672937 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rollup-neptune-webdriver-manager-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9641ae1a94bc9e9e2736447da0d80427ac96de8cf3e3560ab39d02c7194a3db1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in weywot-wezen-bootes-nodemon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95af838a5409ad46c803f49911e5142c4505a584392775561fc0e5b1eb266f01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in triton-perseus-paleobotany-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a50047252fce66e072640cd3c4b7303162f58edd8f8ab3107fdfa9cd848674d3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eslint-plugin-gacrux-wolf-ariel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65c4c2c488bc3934c41186d1bf456e7754924dbf514664faccb83c81e00532a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cassini-hawkingradiation-rocket-sedna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5253824e08b7a2567634e293db52907f34094d4adacb6b4ba2c609be5a522aab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rollup-plugin-firebase-geochronology-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52e0281ce62a32de1725eb603807b7890d11f596aecd42507b277a31497e925c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189718 Malicious code in sublimation-sadr-magellan-sqlite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 430f76d8e92d8268cdbaddbb529572984b353efa027adb0b91de89e552597f57 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189785 Malicious code in sync-hugo-xanadu-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e3adaa46632173918f3b95958281e988fdc380ad8e4bea12ca6d766fd818429 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in supercluster-vortex-blackhole-ultra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a840cb750914a2d75e4627c09a5d65fdf3f78ccd08344dfc9f366053fad4d11 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cressida-jwt-loglevel-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c579391a28b717cc3bab01d83cefe0a9573ccb0c4b8dee4c27e98fcb9b1adac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...