MAL-2025-187490 Malicious code in inquirer-resonance-stratosphere-zenobia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8045888615086dcf573d963c334214b9b8cb76ab93a54114cae959a94c16ed66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188109 Malicious code in mongodb-nodemon-callback-areology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 215ca53b952a9cf0e27dea22bbc2f071c70f3f2c8738b83de3625f453dec9925 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in build-enceladus-supernova-joviology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2af451850fab8801d34120d211470e5a231805d70b0ce5794c0fb4df3c2cc966 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cache-norma-protractor-superflare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16e22a028f41addc99f22b1226c3465d0e27a43c7438538f39b0d1e19d26e153 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pulsar-apollo-decoherence-public (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abf551a8a06ecd6a92721cdb0801dcf865ffc04b38a01e16d0c850dbdb17c9a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in report-serialize-rho-public-file (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62de5b36b23d92c1a388e80fe1d3dc55ee676535110f4175eb6a428aea0d3191 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in omicron-enum-link-permission-double (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9804048589d4df4d871f01e83fb61ba2d7b918abd2ebe1ed69a6e045eedce720 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in data-virtualize-cluster-view-phi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936ecc613606a259a3d77f4c7386303bb0f2eed7f53fc811c049c825c25778a8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in global-rollup-plugin-lightyear-thermochronology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3cc57f45ae1114a1d5982e809872dccf790990097759e1326399fb0c4f9c9805 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in castor-magellan-halley-equinox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f91c2d58b576b6b398598b006ff7330ccf27b074f3ba12ea2377ed20fee56b1f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fast-table-import-async-double (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09b7711575f733c9e98b03e3824ef5b1c29085d432948d8c4df9b454932c4f55 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in impulse-blaze-yonder-eleventy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c64a8943de13674c80f2692180d88feafa9120eecdb35280551b668f62cc74de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in genomics-lightyear-mesosphere-wolf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1443676fd94c32ffc79df6aede4df75f935ca9d1bc99e7c99bdeb9e440ebdd1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tool-dotenv-parse-variables-gravitationalwave-luna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d59d0461180ffc4af84262e680f656ee20570181f2683a7d035fc9e9f86b8628 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in octans-non-blocking-repository-cosmiconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d7187ba1a0c030038552b6c04bd621b070f3960051a0f7ecf52925ef761886a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in phoebe-betelgeuse-sadr-miranda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d981dd2f34c2bbb86c7ac516f54988b4077402f3ce86235f4cab5210ee90865d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in inflation-technocracy-css-minimizer-webpack-plugin-await (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6244e10eda00ad2d9444aebb4f031c9cf8fb0640f0fcaa288d88ee353d09b560 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in zeta-transpile-encode-pi-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 372db48429838467fa0be86a5ed9950434fe7964c97d1b228a5e6ba64fc23ce6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in airbnb-oscillation-commitlint-config-angular-palynology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector baf800470a1681acff5740acba90cbf70748786015854f1268ff0cedb463fff2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polaris-typeorm-carina-solarnebula (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cd39e7155d8520a5724569d8afb03405c8267596fb7bf5b3a99361f880220d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...