MAL-2025-187719 Malicious code in lacerta-chalk-ini-neptune (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45cf21208b56ae1d0da3be8ce48b148ac7f6247e8b2ee4ddf53e45b162060b7b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186821 Malicious code in eris-umbra-dotenv-scorpius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7dbf7714f75abefdecf0f36cce8d8391b67049c271697d541efac035b1b66ae5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189898 Malicious code in testcafe-miranda-electron-umbriel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6dc56bc034bb1eb4e4b4fd3fc8d7db620ba01d5807f3200c1c40cfe1f26c695 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187029 Malicious code in fornax-chariklo-sass-loader-parsec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 850e2c6c4023e5a4b443ad2f8ca4fad3529da5229a547813a31c34b4e139c1ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185570 Malicious code in array-simple-water-tau-book (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30cc8225a97aed8f4d662ddf94085f9e9c314a50062c44fc92cd45f49a066f37 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186442 Malicious code in cygnus-tool-update-xenos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e6dda9b734db336089ca3b7e1b189859e059a4a50e2263aa85436870537b513 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190169 Malicious code in virtualreality-paleoecology-nova-zooarchaeology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dc1df744f380e841ffc7b91019014063c1c82e664243d3afeaf54a02bf69c5f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in proxima-aether-quasar-xml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba01e98d3d6d7338f99bdfa2d64d6edd27d996c46e111d50c5c7123d434a5285 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in awk-mock-rain-enum-pi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea254d49e0c0d242e46d727e244f3f050290bdcc56d7af59a51ece0d90a9ecba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in electron-postcss-loader-yaml-pyxis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8dd6b06620bf85f280ff8659339047adecb9bcdc503d3a50fafb169483256ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in quasarjet-cluster-ionosphere-eslint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0335cb0d12622e1f9f0076cdcad521feb0e990280876f4d6ac17052fb3f76185 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in node-mu-private-new-runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8937b05c71005082adf7bc0bad95bdc9dc7074cc69262f27f317a80070db28f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tool-callisto-betelgeuse-axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3014b72f48d0cdf678c671d8bba429cf7ad5630d66432049d24216676d7ba809 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188197 Malicious code in nebula-build-auth0-mui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f64f27094bea7cf9d6b3712a3714081b3884123be343a197952c08d6ad1b940f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186966 Malicious code in figures-mantle-docusaurus-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4496ad3ccf9f0ca38f59311d9b93994276b171cdc331375907b93eb90f4b00aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189884 Malicious code in test-meissa-stream-leda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e201ad4797f6c1d0adc706095b06d260333b5a1677e61717564549f492ee379a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185974 Malicious code in callback-elara-hadron-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c5e131353d5f6106fa2496e00f7ad443ad3e792fa0a1d9faf3e536b245446df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190149 Malicious code in view-object-promise-xi-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e9385f29155a61233a2bd59a79bcffabf2586fec1e93be8a46e069aa0cbcad4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187125 Malicious code in gatsby-upgrade-aldebaran-antares (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73c001ab99214b4662862b263eac30593a78748adb121c5de870d37a660239fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188913 Malicious code in proxima-hugo-pm2-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bb17e16f79c8aed56179cb32c277f170ac4625f582251cd9e83a240a0d374c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...