MAL-2025-190058 Malicious code in unix-scale-protected-test-fire (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 696a986920e12bc1e3cf84d12a5c637dbceadbbaf002d52fab2ca101305fe795 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187023 Malicious code in fork-secure-code-daemon-abstract (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e52335d0c8c5a3592945cad720a46a4342b5890c4c9313c65cb63fe16831215 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187986 Malicious code in mesosphere-chai-hermes-eris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c3a859d8b89079691e1fa4081212caa22fbc584c0379ef009eee6eb1c9d5ba1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188108 Malicious code in mongodb-kastra-gridsome-fusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e827819cb34d09b58770afb4d907c8cfe540dad27e0303f9827fff00ee4bdb82 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186372 Malicious code in cressida-yakutsk-zephyr-rollup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dae255b919a558810665528345442d46e7043d63ffb0951981037e0bc8c961d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188553 Malicious code in parallax-chakra-ui-mantle-inquirer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5160f72010bf6f5762daca3a099c3a80bdc7ccb9da4832813a1a861b6daa7085 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190033 Malicious code in ultra-mira-centaurus-io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7451d5363e279f93ef5dbee433d1cda8986b6f0b27bef6015f624c91737ad440 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186835 Malicious code in eslint-config-jovian-middleware-init (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a08e1a70125c98d783c4675a920d9eefc7bf5a6891ae90b0e858fd9a3a898c82 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in epimetheus-sagitta-cosmicweb-dactyl (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90bc7aa72b27d6ff25deddb6571fb73ec8eb566c3846eddf42956cf6fb0fa976 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188810 Malicious code in prettier-stylelint-astrobiology-loopback-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6defb2c5feb096989f260b8521f3669e9671736f838b9e562297550bbb18bb7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in chariklo-library-public-local (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa536a5e403d931475f9787e1461256bb925caed3c743de48b475db4b9bb1938 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189970 Malicious code in transform-version-sequelize-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e0b260696b6e01b16b95ea6411e5bdda668fb587ccda3c63e369cde6cd117d1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in passport-coronalmassejection-vulcan-loop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50b0eacc9625153c6f8ea0ce91170fe0a92cca5c46d7b2b5a14cded70fe59094 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in farout-resolvers-photon-blazar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d346732ae56c4ef8f30df56341cab640ff20f6d532c8da3b5709ae69820d5261 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bootes-global-luna-galaxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39b5ee17fa3aca045e1236eb3d32ce08cfc4e6572f1d9ea233fac2f7dcf653d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in minify-report-compress-compress-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99dbbec0f45be78a69c0e58da0c15b858336cd03082f3e4bae5bd685bf93c25e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gatsby-enif-tachyon-prosthetics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd3e1fe40b9f4663cd8b878d886d2d8206a84740ad4a30ca7055e0b73b99ffd0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in heliophysics-aurora-lint-staged-global (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3146d8b6e52b168ae00047b32f06d4bcb6748de549b64b41b2bfb73c6bd4abd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in magellan-transport-auth0-pulsar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23426125e717f1b44108b99d6736b6aa3d30fef10c3edbf7df27eb9ac8c86fc0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in solarnebula-testcafe-redshift-isostasy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66a15c52af2d5e39295813eaff4bd1238055cd3382c46f9dbad1c88557512906 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...