MAL-2025-186029 Malicious code in cat-compile-analyze-deploy-cloud (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9514ab2e174c3c41eef9112756070b30355f2acf2e0db624c254b0fbd779b0d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xml-phoebe-protoplanetarydisk-magnetar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 98ca626683d12f3dda463525e94c3b5a5a37cc063cf1a9be277a2684f5d017f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in quark-charon-hercules-lepton (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8473c670a25ac2c4782e9d65c46e0a8158a9769fb0bb2733da88072b9a7a2c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in registry-local-biotechnology-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9231156a824bb7cc0a68e0cebf262d6d2457c813ae5b4c9f8b5ecb2229089b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in refactor-private-table-finally-water (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e7fe350226f8e4b7671ddae6faacdaa25fcb6d3a536a3576ea5fb7a4c42e214 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in zenobia-zephyr-dactyl-planetology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b41972a45f6193c0e871bc179bdd7dab9cdffb8574219b66bed2cd9c14afd2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in brane-mocha-elektra-farout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a64e4699bbd0a9043d4f0a6fe6c81a12163af437814fa8d1de4cf1f028f65136 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in geomorphology-astrochemistry-alphard-zenith (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 206b849dc5689a7e5c43f5c73d619dc09d9bd8248ad29e5e4a9c7beb15c96102 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in archaeometry-impulse-galaxy-dysonswarm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95a771881cabddee40de70b816e41a9e98fab7a207bc97d1bf8ebfd9b215ea40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bunyan-resonance-mensa-concurrently (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a65863ee55838a0a6002f037f8899a14e638e0c1328dce784f74dfa7763be464 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bash-serialize-decode-grid-sudo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f77e4d6d27883a5416570e199d67bddb626be68458845c00ac83a9c839b6da5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in soap-weywot-robotics-on (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0dd944d0f7180206b81a90a1e92b2a37af02b64eb858ac325abe0b694b3bb26 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rocket-planetology-mira-convict (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e554a1872c6a881e9266087c9118e5844fd78fa0a2c73e38dbebe1ff503e1f57 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in char-hot-import-public-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 354febe792f16564c5bcc92ba3e4c54de0a806e5195e3c623a630ff0b9ebd844 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xanthus-got-telesto-accretion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bbac9defc7fbf4c08b122aec88f87e0ce104ee49d981074fef3a67e0b98cef9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in webdriver-manager-neptunology-oscillation-fornax (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c818da0d4724a5056bdb4220b90d6078bd9764e0642c6f267bb98ecdcc268fd4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in antimatter-slidev-install-void (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f36ee67d3b0eff64d3bc613e4f77cf96c2ef826571257f8f7761c58e4faf537 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in big-monitor-moon-iota-warn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 616c7a209c16dbf7dfd668237b485e9f42ad3b48269110d1b28ac6574c83aa7a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in archaeometry-eventhoriz-taphonomy-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 60c3be56c95cdb3180faf1ff5f1f7ac9b1287134bb4a918d5d585bbae225d4bb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in boolean-double-benchmark-star-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12e5c0f3b368d68a8ca0642ddefa6f85ba5d3c3f8a3c01cf6b088c175dbea41a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...