MAL-2025-182938 Malicious code in itale-adci-yafizgantng (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e68689ffcd5df0ccd9c052714cd98ee0fd149870271f9cba959a6dedc05312a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140474 Malicious code in cassini-puppeteer-spica-cassini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c49a3c927ec65fd58703092a6e2e828a1b898fb03af1f389b91fdb76efc5d67f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-122094

Malicious code in semantic-release-inquirer-nestjs-publish npm...

MAL-2025-146046 Malicious code in pegasus-publish-mongoose-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ceca5bf5ad3eeb9dc535efb9f2ed64bca85aa519539a639405784791be1baae This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-114336

Malicious code in dotenv-safe-public-puppeteer-publish npm...

Malicious code in nurul-sambel33-tititugel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cca1ea91bf070a0254bc38f3026c21b97f79de712cf947ced0c264e6bf480f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-87562 Malicious code in kurniawan-asinan7-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63e0cf0e0ed3067ef0b192829968cb18e51c621f8fc6d03382c70b8d765f2f36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-78600 Malicious code in hadi-mie24-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 383e9df85c065baa670b56e6055f3059396f6903596c11f8177c9887bd4a9a5a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in organisational-aqua-orangutan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b618557eb29f4ff29d11d32b9388398df1b9fc1a54c4d62483b457cc37273c3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in babel-npm-publish (npm)

The package babel-npm-publish was found to contain malicious code...

Malicious code in commitizen-tailwindcss-buffer-publish (npm)

The package commitizen-tailwindcss-buffer-publish was found to contain malicious code...

Malicious code in action-npm-publish (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 048a0cf0cca0b18a85e69e831d1c26f1bec7888c3f5e1865bd185b3470fb9e2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-11299 Malicious code in apc-publish (npm)

--- -= Per source details. Do not edit below this line.=-...