MAL-2025-144794 Malicious code in meissa-bellatrix-izar-chariklo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a856584fc3380af0d42fc31146d6e4f0eb878d35c362c2901800f64b29189a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in uninstall-yildun-corvus-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71389884d84d46c7588e1f5e417d4d265853fc74c19a59cbe8fe39fb0d0c3d9a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cache-telesto-antares-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector edf2e5258e5816f646e8aa2e161245fc708ecb2160fbaea032bdea23317897e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in capella-meissa-chakra-ui-aldebaran (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d859cb2764f8b3a39fa333e103e88f965fa0aace5be1b50ec0f1f2899495610 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146712 Malicious code in proxima-enceladus-passport-zenobia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb8600d80a5e72e3449fb03483c9e38e7860062aad43b05895d923cbe105018a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in writable-jabbah-elektra-rest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2feed5d5984cca695429759e5e8f913ea156640eefaa638a116b0017549eb39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143443 Malicious code in hydra-hapi-webdriver-manager-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00a03bac90d0287512c2d43ae5069080023ec831c3459544aa0a7b576751eb6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147712 Malicious code in scorpius-publish-scripts-xerxes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81282aa28d9bccf123d240cee4bf111537ea0d82423e076ed8172e42b0f89210 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148524 Malicious code in terser-jsonp-version-uninstall (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 963e0198be8f4f3709c563091335404fb9386697b48f792e40d1e4ab20e22401 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in yildun-materialize-proxima-puppeteer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad786dc16177a4cd5009a59ac2e5b60390ff2ed67a4972b4194d5e84a0b9a041 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in fornax-global-nightwatch-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1baa0d34bfb5effcae6d917e5125e12a1873346f26b8ffab43eb044fde995f44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149808 Malicious code in yildun-changelog-slides-terser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94c1e032d0ea97654da29e16043fd146101a608beb21f7b3ac344026965acdfc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145034 Malicious code in miranda-frontend-luna-webdriver-mocha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f55817a1ac24be0c51e3cd4c4e8c579be5d62c9c64c9f10d6f6aa7ac1f47060 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144103 Malicious code in karma-electron-builder-blitz-lacerta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7509e20ca26b7c59996183c03c0c1f8e94eccd887ac91a3b488ba5d569464f2f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144339 Malicious code in less-mocha-slides-umbriel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb08e378fd5b37897cb55692109f14c77a0d01eb08201a44b838e117a48f037c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147491 Malicious code in rollup-barnard-cz-conventional-changelog-regulus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cc311119fbf3791737da30f4740a28f3f99d6a3c94ce3daaf5c30fa1137e196 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139959 Malicious code in bellatrix-titan-eslint-config-envconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 812a7feb3c4ffa3c82b81a27ccbf2b20e0f1e93df88dcc9fca20cbc9c42eb9f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dactyl-flare-galaxy-galaxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf46e48e76d6587396a1177789bec4bdc75522c87f71b961f23e88989f9223e1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in corvus-callisto-hercules-kaus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d99f24f56cb7e133b01201ecd9215855d54fc7a3fa3079ad2d1d61ff216ac59 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in iota-dotenv-safe-webdriver-mocha-mutation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75d7e968a0295c0187fef5d43373097ab9585a396b4ff347bbfdd5347a05b365 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...