MAL-2025-189511 Malicious code in singularity-rigel-quasarjet-husky (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bf17252b6c653ae675c4bf9480413b571a70ae7390302d63383fdc0b937794f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190346 Malicious code in writable-jovian-pino-markdownlint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19f4b238352d52b2cea590b0446ad3e308f8dced4b1490cf8e439993646c0a9f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187702 Malicious code in koa-vega-zenith-canopus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64a04af2364592a4dbe9304c1583200538072652b566a0c4367ccac8e31b977f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189357 Malicious code in sass-loader-prompts-inquirer-blaze (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8510e31e6aebe1ba6798f088e0772983d71667602f005659f7f54fddb9b9facd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190336 Malicious code in winston-lint-staged-ganymede-parcel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 964fa62b6be534e55034d3bb600bcaab53ab3dfd3be346bd6d3534cd63246be6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tool-dependencies-dotenv-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d36ff10f503ecb03d0f7855f87e5eb97cd43f2994534487d509135bd0d559e9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in module-barnard-ganymede-sociobiology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 318ce5e99a1844c93f91036e8137e440098fae0a90415e943e5bb1c3a0a191af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in apollo-development-cressida-umbriel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c296836ef6103cc0343dcaf31d3800f97ced245deffdcac4a8d01c097a4926d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in class-secure-function-transpile-authorize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e28b11cbe99b65195c5c3d27c542888f775612a52a9dec629226c3caaf70c27 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in root-rain-catch-sigma-float (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 349fa5e6dccd1932baea7494697034aa3d9214462fb6016ff5e68a1bf986fb48 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in perseus-websockets-wasat-hydra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f66d0b03182f5ad40988a628f5788de95e072ff2c025481ebef25753777e4abf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in load-integer-wind-byte-key (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae40c494ea7661ddd611225e387ea5d15aba899bd9ba2b4d2a09251d6fd7a9ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in query-regulus-bionics-subscription (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dab2ac9bbf76ae17ec6c45f2dead8e433092cceef588c319f4d72f40571f4219 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pegasus-deneb-iota-mira (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f09829ad648a30448e6909586b77ecb91a7d0c11ed07ed4042c386b13811abfd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in zephyr-hyperion-cypress-pulsar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83c3120a7bcc6b643e7ee8de6d0ac0d7396a197a63da497db369d04c59ebc39c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in book-earth-runtime-delta-chi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ca56a31956e75b2290ebd4b408475ebe5dddc60d039e85ec0ad1fb35dc980f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hydra-publish-filament-prettier-plugin-markdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2aa39d2cf73e1508204d2e22e08291cfcfeb4fdecb5a627d7b869aca7ae494c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in air-minify-load-secure-encode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1af3ec54197cb7da3f25eb9bd335126dffc771d242e1a8159a7354d5522b5442 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in geoarchaeology-archaeogenetics-spectron-webdriver-chromedriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d023e09a2edec33372bcdf7291dd928ab241ed4aa9f81604743121eb2b4a57a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hawkingradiation-eslint-mantle-lyra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88a5de4831c38f6c1d0de9165d7959c9e431a8a052cf7743cf669170730ae39b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...