MAL-2025-190358 Malicious code in xanthus-redis-scripts-fomalhaut (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5378a4c2406d3bf5d4a642721349c3ebe3396f5805ea6a6298f597ae191792cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186328 Malicious code in cosmiconfig-deimos-kaus-hyperion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b417397ddce4e37930565b0788e7a53a679b19a15884a94a966067146ae2b85 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188363 Malicious code in npm-publish-cross-env-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f326fe849575cb4d47994a975a7fe829719b21959ffb49ef1ac24126a1519ae8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in user-book-gamma-notify-old (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b393e57bdb5d4c816987aa0de9d8feeb1b8e9e38ada87da71f0079d0e434b0fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186490 Malicious code in data-grep-string-transpile-link (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0baec754b0baf24fb249ba7fbb7cc8b4653d63b04595b2df0119337a6b7e57b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187760 Malicious code in less-mineralogy-airbnb-tardigrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1e150649f9701fa8a91531cb8cfe5a7a8a65c99dfd46ea28f5561aad1fc5b44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188160 Malicious code in mysql-fork-pavo-firebase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 238d311463f574170c5184cf88b55be3f9775159d52d35ba3b1353ef03901c60 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187520 Malicious code in io-cordelia-meteor-filament (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37bb443e8b535dc59175b1ef8d7eb72d284f31f0b56ff72943312cddcb025736 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190438 Malicious code in yonder-mineralogy-ablation-achernar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0650f663599df30ee3a2fc300f5a88b7bf4a1cd8203f2410bb10acf99ced98b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187065 Malicious code in fusion-inflation-dactyl-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afd7df62b134bcc7afb6138cd72c0148fe9828de23d7012fa0e5c0c2047e9063 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187415 Malicious code in hyperion-postgres-eslint-config-warp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b260dcd289e1588d69c2094c68adf2469a9d1213fccfe6612787d31af1167bf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in quick-decode-transpile-array-wind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 789be1eb5319667c7103faae653520c2ac40f78ca9957e497f34f7395845b3d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in figures-betelgeuse-ethology-magellan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 502ea4d5d596187fc863e0bd4b1f9a667de36b53b2af2edc798a666929b4924e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in virtualreality-paleoecology-nova-zooarchaeology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dc1df744f380e841ffc7b91019014063c1c82e664243d3afeaf54a02bf69c5f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rest-version-library-hadron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e3b01d06955b1393fdf87ea7bfd085c32e43a39e890b503008aefae093db6b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in unuk-mui-antares-neuromorphic (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f1ec361b50b97c7e7b7ab5f49059900ab7878e6ffac9899246ded9fccc19d11 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in apollo-ini-grunt-radiant (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c48d74220a2eebde40d0798cba3ab887af5402c7d0e4d32cb8683107a6650af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in odin-start-sagitta-got (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 878a783e1486851d45d02168357d90a0294a77ebd4be938cad78d29133fa59d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rehype-janus-nebula-quito (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b030dfe78269f05856c1d36dcfb4812704739de10c5ef8312af45bf99110f18 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in process-loopback-cosmos-leda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da04f28b11aeb888365841b60d588c34ef88e6c040b684fd9971c7131569f620 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...