MAL-2025-185866 Malicious code in blueshift-publish-carina-nconf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28c549f3f83be3a9352be7a86dc574afb8bf0d430bc7e01a82a70d38bfcde7f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189075 Malicious code in rain-final-bash-bad-resolve (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b36f7861b2c5a32da3cbd2d0cb30c946b3f8a373dcf16159ed8af05069eb8dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188705 Malicious code in pino-pretty-kuiperbelt-vulcan-hugo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d01b3bf19da8542bfc975fdfb7a80d55b99366b0702f190de1439f1a90fa5fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185864 Malicious code in blueshift-lynx-dotenv-safe-morgan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9dab58c5139fe550ec62331ad682959b01530abab6c25ee42eabc08fb386d1f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186635 Malicious code in double-rain-protected-import-monitor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8581e04e65ec57750c45a77518bc0bde32027cce7cec3092673048972abc390a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189907 Malicious code in tethys-schema-proteomics-nuxtjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc52405d182abcbe70ebca1e32782e8c4b840ff6509fd47793c70c9d97a8b05d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187113 Malicious code in ganymede-style-loader-xanthus-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36a5f45d9564f44b2db677d8a064664c3950bbf58615506c9507134b1044b3ce This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188159 Malicious code in mysql-enceladus-cressida-whitedwarf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 30127f561aaee92f2844597d8f2c4f4c05917776b7427fedbbd4c3112d2b841d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189043 Malicious code in quick-decode-transpile-array-wind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 789be1eb5319667c7103faae653520c2ac40f78ca9957e497f34f7395845b3d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188207 Malicious code in nebula-lyra-astrophysics-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87731194882f0a9904a010dc5c887ceff5fea966c6f645da196e94537a27f879 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188551 Malicious code in panspermia-zenobia-cryonics-galaxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1d62b4d8f6f507350616a579cdbce18a90c525a7b7c57f5777d99ae7a748c40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187699 Malicious code in koa-eslint-plugin-corvus-dotenv-parse-variables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9921124b23b8c3333632e1a5ad8852823bbc42e2f37bc4ab4272265763d84cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186441 Malicious code in cygnus-got-nconf-public (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf4cc3cb622a13b0cbc50c9a597f40074fffcb794cc7735f6e63a0046d3db721 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187196 Malicious code in google-radiant-weywot-rocket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90c66e0686c4618a725de20e95e6ce1715c68327b6ccc280c359a1139312e4a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187490 Malicious code in inquirer-resonance-stratosphere-zenobia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8045888615086dcf573d963c334214b9b8cb76ab93a54114cae959a94c16ed66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in paleoecology-tardigrade-express-rocket (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab02d785c1af544c7c0c174e3a90bdc47d16a2f816fbd258d3b669ccf44e59ef This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in command-dotenv-betelgeuse-neutronstar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03c0eda4bbcf824a758435c6c4648e1bacf43810c9b85cf1effc8e2dde9f47c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mesosphere-exobiology-sedna-baryon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ebc2916450b1644bbe7b3a073d3a0020edb99b9bcfcea7731cb2acc128847b2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in centaurus-superagent-spinner-leda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91d406ed50d97258b1c60ee835ae0350d359b3f8576bc1a5411d4da722d37cb4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in figures-mantle-docusaurus-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4496ad3ccf9f0ca38f59311d9b93994276b171cdc331375907b93eb90f4b00aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...