MAL-2026-3684 Malicious code in @gusmano/reext (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 498a21b60dcdfe236ea0b1683e1ec64aa091643b6ad562c3845757eed79660d8 The npm preinstall lifecycle script dist/scripts/preinstall.js, wired via package.json "preinstall": "node./dist/scripts/preinstall.js" reads the...

Malicious code in less-astrochemistry-ceres-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce97bc6d36bcde07bce91a015dec579ae6795f061e92685f77111fbb9c91bc6f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in transpile-bundle-upsilon-decrypt-secure (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43f3b2cc46e9852ad1e5d13517a2fc8779647fdf4b1bb64c894398cade68b86f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in stream-build-ganymede-corvus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24b83fb6af139dbb9bbd46a83057ddae76e5bac4e17b4d50dc4543a894b03951 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189464 Malicious code in server-nestjs-selenium-cassini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8a760dd4bce11efdd666ee3f24ade2e0fc29cedb52383bb55dab1cfa53cbcfb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188350 Malicious code in notify-zero-abstract-old-dog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a53282b311726aa389d4f18e04f8cdede5fd23b6a0f0f816a5e9547530a4e8c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in miranda-genomics-uninstall-virgo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfeacda2b376daee22f78d9a59bb58433ef352a72d825d0910791a5051064406 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in water-balance-serialize-omicron-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10b645228c86dd124d31b5de28c55a401743d95fcfde72307326120b67d14f46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lacerta-betelgeuse-xanthus-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d3c6304ec6e85d47dbc95675de68746430ade85ec9fbecf5cad5c5ec8a058683 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in transform-semantic-ui-eleventy-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ffc4d6e7b72b0aaa2abde280bb586981de8ed65cc2174a163599fb04f6fa777 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188716 Malicious code in pipe-cloud-try-assert-grid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd568cad8ce32be5229100a77795fc873913ab9e69eb170a41cfc941c01ef28c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189933 Malicious code in thuban-run-script-octans-eslint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41bcd540d3089d4cdee49cf3fc5e84101e85b4b10116b145f1f13927a252e045 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189150 Malicious code in reject-report-water-thread-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d02b01178117c9f80a654cfda85d80642145bfb635aa3670c99f6c0871b40182 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187209 Malicious code in graviton-command-global-axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 845414344cf37948a469b18b04fe8781a6a8a9e6b92f158967769b81e803f446 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in got-loglevel-ceres-acamar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b2e9f729f99ce1db8045e28e7e2b5344d4377dd1b1a8f21d8fe39d2c57b0dbe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rollup-plugin-async-astrobiology-spectron-webdriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa1575655360d32ad6eb45dd6dfeca312cd7cc44d003f56621dc00b12f7ece9b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fermiparadox-helios-pyxis-astrometry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c4110ce456b0d3ee05ab386cd882d362726708a69daec5cde442abef8ce9a9a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in deneb-multiverse-augmentedreality-phoenix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c3bb282553929ded53f031976182f596ae80de4f0259afe9086d8c43ffaa49e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187133 Malicious code in gemini-csv-cryonics-castor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a57321bc7da3ae1f7471aa4b2daac2201509cd922f65a18ef0992a031b983c12 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190409 Malicious code in xo-morgan-css-loader-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df18935c38976d8952bf589369f1a0e87fbdb16e09e484594e5e302fd8d55ee6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...