MAL-2025-187296 Malicious code in hawkingradiation-ora-celeste-toml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16583bc4d19d123f6a7f3df0faf7b443656d981c65e219ef3ab7b8d15897c9e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187330 Malicious code in helmet-supercluster-release-it-technosignature (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c7a022452e3dc430840391ae69399409360dc46577b5416d489a22c8a8fdbe1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187606 Malicious code in jekyll-reveal-md-redgiant-prettier-plugin-markdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59c9c6236c7f7d2842ff10d43aad3fc54b3aec809b61ad00a2459b56f5e3bbbc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188750 Malicious code in plutology-async-firebase-run-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2667b86e0f97fb1eedd19856990d65bd90d58cdef8d25af11e31617b84d717d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188007 Malicious code in metalsmith-ganymede-gravitationalwave-biogeochemistry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd371531b6504d7302f781d1d49aa918cc42e03fda931b017ec70b39844a114a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in stub-query-psi-throw-secure (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dd7b2cc2fb20759a58721427ac3d60016983e8fa20eac2a84777eb233da97fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lint-cassini-metalsmith-jupiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b4b2a23fb9c62a119ab9c0e8750246e8d4d015ca5b2da5e50221be5da0c3609 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in indus-farout-carpo-astrobiology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0038536bac5c13bd53dec8468ebaaef7cd5e4305c525901b01db203f61007e73 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in long-nu-new-nu-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f181626cd1e58ae54d5a7e6958edad8e897a4a8cef1412d594b4d7f983ba163 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in adonis-cosmos-eslint-plugin-izar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f51440d13be3a94db6138efdff6d65f7d866cbf0118a7f11859f4508a808663 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in auth0-andromeda-heka-cross-env (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68c39f6cf6525f4014662ebdc8b1f003fa6c12eb9f5603ce6f8bb3d80ff05d4d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in awk-mock-rain-enum-pi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea254d49e0c0d242e46d727e244f3f050290bdcc56d7af59a51ece0d90a9ecba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dysonswarm-loop-command-uranology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee1019e8fa74570eaa1b22a674d4869fc6cdd1fed122f53267d55d7dbaa65146 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in elara-auth-enif-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f6a97085d0f95d38a45aa6b0ea2fad76374accd0dce2a52a48e7dc7b4bd9758 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in epimetheus-sagitta-cosmicweb-dactyl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90bc7aa72b27d6ff25deddb6571fb73ec8eb566c3846eddf42956cf6fb0fa976 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in final-secure-epsilon-catch-book (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17e86d24f9e0aa24c62e5e4c9ec1038d73add02f6ef91a7fcf8a98ddf0a6de0d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gatsby-upgrade-aldebaran-antares (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73c001ab99214b4662862b263eac30593a78748adb121c5de870d37a660239fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gemini-gravity-xanadu-css-minimizer-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef8b0e335c02e9e3202c8e0195d3bfd55501baef7ef0af424b6b5b8eb2310c7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in global-apollo-dysonswarm-nebula (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8624af2234afa89e899457b5b5c227d1c1b09212d1eb8b2a207d466c14a8b2e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gulp-prettier-spinner-parallax (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc58ea571f5bd14201e5b992627f478b50a21460535b722143de565ef267bf57 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...