MAL-2026-4372 Malicious code in @budetzz/baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c79c7b873a8ea61831fdfd7b987de0efbf8944d2fd407a8dca4b70042a3d029c This package is a republished fork of @whiskeysockets/baileys that adds two undocumented network behaviors. 1 lib/Socket/newsletter.js line 111...

Malicious code in phylogenetics-fork-tectonic-cosmology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20cd04db7ff79d34415c4910ccf5f498e218ce9c415f6d4a1e893027ad764142 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187570 Malicious code in janus-enceladus-supernova-panspermia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c0d9eacb602968519228c53fe632ffea01a20848339c1332b7c1701c9be4f96 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ursa-hawkingradiation-pulsar-superagent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a44783e0629c201822fb799a347c530d77eda8b2138bb131f0087271ddeb17fd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187493 Malicious code in inquirer-winston-commitlint-cosmiconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8d8803b934bddaa10af678e2f1095520a0c5df75893b63ef2fb45b3564318c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in omicron-route-beta-virtualize-void (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f1df4644462be2f6bef9258c6e7098ecbad6972699c1f806efa8e5ab8a3428a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190260 Malicious code in webdriver-manager-deneb-nconf-outercore (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5856dc3105bafd0bd895c339e371e97000f404e871ca844f86c47c579ae39d6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189330 Malicious code in sails-link-update-glaciology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c565b4c6d9dd5485fafd3fce71a661cbee1ead7dd64f7bb8d20006fbbcbc76e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187632 Malicious code in juno-areology-dorado-webdriver-mocha (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c5dc9081536cb40daf4c65e7faf0f892689726670e29ce501cc77d9bfb21158 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-184048 Malicious code in mitoko-ontcmi-lapiokamaasi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e972db947077a67379e8e98580ccee6b047595610464042dd3ebc627422eb56 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in avangs-olims-noliadsdsgsgnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bc8e481f6b8b0934f1c677b2c9d50dd6fbcf5de84911f64064397d45b62531e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-183214 Malicious code in kisut-dfg-dufaiban (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bb34fb48320ba52b872cebf586c29fafa87d37b4a9f0c3769996d335cac3def This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-182004 Malicious code in flights-lutug-adibalnlo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b4e64a0b09b411bc2ff0a12c41424906d6c66076b6180d89787018839aebaa5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in teate-thy-sonic-fispo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 608d523cd6a06647b5d86bee7d590c79d59d981c3829e19ad760fdb0f3208cde This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in teate-thy-sonic-wozsam (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a63678e5aa561e1bb90abe9fcfefec9efd64358f1f9bec4451bde3caea403f54 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-180224 Malicious code in teate-thy-sonic-burlu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5dde920b2b3acd8b07f5cc0eabb1050933892ae55c64ecba746577539eb7543 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-179474 Malicious code in anabuyi-inuzau-ninni (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7f3db65943dd7113ff1ff6afc9d4448c9913806267cc2c287d7a19618873473 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-179545 Malicious code in anais-papoa- (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb6af238d0118e2e99c02d8345a3d389bcd6caf235a0a1b548f2b23a36b21b97 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in polymer-gibfaahga-agaaada (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b8246935cdf28b99964f00d7fc3aec9d6a468d14ffe81d77c053c5331193907 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-173165 Malicious code in buis-manis-mioapagfa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c255c87ed6be7ca2338069be33cad0b17de7271ac32e50d4e0537e2316a4340 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...