MAL-2025-188037 Malicious code in middleware-backend-async-oortcloud (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 589303641468d47dc2676783d056c226ba4f62fb3a64e597f98751537eafe25c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in antares-parallax-publish-innercore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e07fec6b828a74f076cb5efeafcef72a2822472cabf3a3ec7922699a1283b9df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in apex-titan-babel-flare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a01730205c12d694b2acae4ea9b3af03584b9f34e2f92fab62e45846ac5136fb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in async-proxy-dog-refactor-nu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78283fdf99d15a789e89ecf764e0adce1a1d5dfcc1e09a6d26d5eab8b9f4cc58 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in authorize-signal-report-omicron-decode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48d8ba11d8a4a4607c7f53061d2de0abe671593a7676068b13d46e6f8fbbcc09 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bash-load-fast-unix-route (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ecbd7ca201ba821c1a484ec5b1956590a49883fb903303e7ff401bbdf9ba78c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in beta-grep-cron-omega-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52a7b28f9b754e69ce8bc73ff34806e5dadea1d590ec27f52ea85800891c06c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in catch-stack-load-public-grep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15c509a0b517637027dd9226985a76750f86dedd7bb0dcfaf6449347750210a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in chai-gatsby-coronalmassejection-nuxtjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1965265a6fd3542b543b488677095044706c61ca1aff9178346019531c500d8b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in concurrently-scripts-plutology-nightmare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19edea377b5bd205b1005922e9bdd267e862f64cc222d1ea9d74a16977f9db72 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in coronalmassejection-terser-zooarchaeology-telesto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f17a3906bd4a11e984c0df47d8cc68a8a7f61cd950e0a6de37029a1ce951b7f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in crust-thuban-archaeogenetics-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1d77d5878eb84187eaac9705aa2e1f130b0c1a6d7d56c13ff36950c3de33028 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in deneb-juno-virtualreality-middleware (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8ab08056ce07e4b0fa7e42cc1a807d96b6b0be4eece882b85ff70488bfca3f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dorado-development-troposphere-futurology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c034220a0cea0d68987ec959d28c9d17a0464f2ad7d15be247c28fac8f9494b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in draco-less-polaris-miranda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b93ef4506fd0232368daadc9c2eef184cd5f9630d08eeeeeb9b7319cd4119fd1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in elektra-xml-grus-hugo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c8f6f9bbaf6c31fa6c66d4f459eaf167a741ccc0e66e0a22a5941bd34df4e5a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in encrypt-bundle-test-deploy-scale (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fcaefcbdd1ffb8c51e8f0e7b02fe563dd40e979c5d81f3dc6babebe9775f54bc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in encrypt-meta-authenticate-log-string (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7b652ac77988fd5095d31173051f104a9282bb6428032f99261ebbee04f6289 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in event-bootes-dotenv-parse-variables-ursa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ae4e0c7b9d2e48b442477e4c3c2f2a64252e4a63f95a4e5c549a3e8047be585 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in export-hot-cold-orchestrate-awk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e29679a768cff74bff87249c600a87ea07ac325f73af6665e836040a9722c178 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...