Malicious code in transpile-pi-cron-secure-double (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f79464e911dab89a693fca3631620c93984804f8b4a48f7c6061aadb4d7620a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eigenstate-electron-lithosphere-dagda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4419ee7a3321834a9fe9daaccbc01f465940828b5b1ffbf986135d57c87ec87f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lint-staged-inquirer-transport-hawkingradiation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfbb20d4bd0ecb369e109ab32d36b1f7d0610fb45df7d23e8f9bbf0db5f3c22e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in object-rain-fast-process-unix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5190458cbba4889fb7152b962f72a7d7ff51afd404bf7aa70ed5cca78937b238 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in helios-jekyll-polaris-soap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 185b2314d9675d6e627b2ef3b7251acbba2ffb5ecf02743553126f3e6cd7e1b2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in seismology-paleomagnetism-fermiparadox-spectroscopy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3e3bb3024e3f9552f1550c868b31000a8068d42f762e56f574489f88b1ea08f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in epimetheus-uninstall-cressida-sedna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efbfee41fefce5715d914720f5044a88f951f4b0361bc31c803542153c084c86 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in achernar-ursa-server-testcafe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0d7856e46345ac0a8d4e9a71a876092fdd5bbd9080d350dfe107e611ac8b883 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in emulate-link-shell-async-double (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf2c1b630e620fe1fa496bedbb43c8e83b304ef52edb5caa9ecd63d1dfbb13b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gulp-cluster-hermes-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b75be2e9a1f4408daffb548607099533dca2e521294c032121214e57670fec67 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hercules-radiant-jekyll-delphinus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73111aa503221d795d0710ce76a4fd9d59a208670ee93ff17fe08fbbf0aafb19 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in spawn-miranda-publish-galaxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7abecc7f7e41575adec56452069c9e78b09579af5a2bfa19b17d85134384036d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in io-cordelia-meteor-filament (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37bb443e8b535dc59175b1ef8d7eb72d284f31f0b56ff72943312cddcb025736 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in prettier-meteor-mineralogy-vuepress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7db2695a262bc6e69c6034c20bc2c7d9eff61f2b332c8b08bb2467def0f247e0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hugo-miranda-prettier-stylelint-xenon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e2ba474c5aaf42da186212d66893866c1fbe6c58cc6ca0109aa83c82304aba0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in centauri-xenos-phoebe-heliophysics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc23ec470610be833e796362f1c280af48f60e336558cd532a2841ce205d45cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wasat-rimraf-csrf-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0490c6db59d2c6dab3d93320b54f7a2d60b74ba0415f01b8fa68bcd25ddd3587 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in less-loader-rocket-adonis-kronos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fb348d5f9f6c382b7097d3a12d16dbd64c584ad9d700b67e646aaaba37f84a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in short-easy-epsilon-beta-container (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9aad4a5d3cc9d3b05ef3126a8c7377929098bfa3b444d80823ec298620e501f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176492

Malicious code in scripts-apex-gravity-jest npm...