MAL-2025-187216 Malicious code in gravity-juno-cors-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c8097a0705bf1ad76bb1607942f6aa70d99247cce4d60a546977d03b5d6d255 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in crust-thuban-archaeogenetics-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1d77d5878eb84187eaac9705aa2e1f130b0c1a6d7d56c13ff36950c3de33028 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in char-xml-xml-validate-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c76ac411c304d6c4ff3a8efeea7f9fe5ac89b92dfa39c8e52594a2d41d9b510 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in biosignature-winston-xanthus-octans (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e90dcc2ecea82bf4db69b8db7b01c821564ccc7f9fabba05f79f2c63202efbb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fomalhaut-nashira-webdriverio-init (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a034cd14a877e2c5d7412544ed3aa5a725a051aa47414ff2e337b9637217fcd2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in holography-hercules-janus-postcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc0747bbcd6e1cb7fbbcd0dc7b214cd578ce9437437d5ff92c3122cd217d7f36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pegasus-shelljs-public-seismology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ae9566848e412c6cc8a435d2ac7d35ae39ce37d5248e08dc3c2d201708995b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pipe-orogeny-await-kaus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2382b0c000b2e4514194f19d8259b7e578360d10c1531f70c0f8429921ac3b9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sagitta-wolf-barnard-geckodriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 087da970166c0f101f1d299c7a994960afe6bf59968564c9c7b8f32b29c733d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in standard-parallax-chalk-hologram (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e2934ac6320277e5063462e270834c731ea4b0adca554a815fc2fb2716df7b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in supernova-astrophysics-jekyll-webdriver-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c46b2195c3e0992cb15bb7cbbf584a0b5e48b2b1dde2a44f4956181f8ca2dee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sync-uglify-js-rest-superagent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab95b633e6385faa2ae97803caa076c5aa6894ce8f5a472eb6441b96ae2ea32e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in tachyon-mesosphere-spinner-pm2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0199d4ad6da5ed57f1010cac95dc16558ece4d84ae6e6c6fb857dc52e6c6370 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wasat-foundation-webdriverio-eslint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efd9a86d6be17cbc44f9dae6883bbba2e3a38738aaf80a503bc35aa86bebe5a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in neptune-sync-holography-xenobiology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d57b68e79022a7960c4c1549b9687a8d747ccc77b49e84f234d1288166c8ca72 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in magnetosphere-hydra-aurora-hyperion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d4c280da4088250a880f3beef154d45c9a4bd8505741d2c117a53f840d21031 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in framework-baryon-install-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdbb94425720ebca1c18ce11aff5f460206bbdfd2717e2116a16769b295bf508 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in isostasy-rate-limiter-miranda-chalk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8886bb1b3aa2881de5d3a090df3f702e15600943bd93f6e415c544b97c814926 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in authenticate-function-scale-cloud-socket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f528c4889d7cc48c0ecdd516f266fcb56461b67b151309f56a99d332024224d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dendrochronology-eslint-plugin-andromeda-helios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c24345b9ae34655a19ecf0ebf2bd34e7ba0977ddeb6130cb2b356585ae554d64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...