Malicious code in cypress-geckodriver-vulcan-metalsmith (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a8e7b3c4e75f8542f11b8a92dfb8c43d2878628b0adecc1a5af688a49451c60 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bunyan-callback-pipe-mysql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6c6a30fabd9762255234275520307cd432fbd98a02b188eba9e94d2334be6b0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nconf-zenobia-antimatter-changelog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b18bb89360c0342d090cbdb5fad1f11ef5a29f77b43b652798932cb81d9a0a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cold-hot-beta-log-daemon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9a7f8a4e041fa30770c77c28ed0ed77e8a0b512d546aac9d12dff4a25c02072 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in biotechnology-testcafe-cygnus-auriga (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2756c79805bc9cf70d1ae96a1a009309dc842d56437d620e90834924c1731c81 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in optimize-css-assets-webpack-plugin-polaris-docusaurus-andromeda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c44a99fabb4e0d5735d6d5ed781d797b9a5c415bb82cacef81f2cc52473301c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cryptography-cross-env-google-yildun (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 919e037d7178bbdc5cbd024f17c6cf5bb23091ba301945f2431560076af9bd8c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pavo-colors-taurus-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4822eb2e312a8df244e9a3d06ff9c91bcb9d9f9cf6fdc56dedac94c979d42c1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in quasarjet-cluster-ionosphere-eslint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0335cb0d12622e1f9f0076cdcad521feb0e990280876f4d6ac17052fb3f76185 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in public-bundle-class-iota-thread (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03445ba8a939ca18bdd9df7c6eece70c41c352ef40c472e0eb55792092510cd0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176487

Malicious code in scripts-jabbah-apollo-phenomic npm...

Malicious code in xo-helios-child-process-pm2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6abf116ef5bd6a77aedf9bcc2b5428a4945e26fbf2e8c0d79a0fccebb457771 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ultra-karma-nuxtjs-nanotechnology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9986c3e4f9445f6550a96d97a386afd87a83daa5b777169bad5204750216e68 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pino-remark-string-nestjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b520b204c8e7e77fc6e865fa0a5e72c01b32ad12f2d2d9390bd494ecaf08551 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in impulse-eslint-config-zenobia-octans (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector deb5c240efb3880d55b5185feb76739b337d22f572cbf7af950b4f7b7680179e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cladistics-charon-sagitta-protractor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b290803267a794b52c10bf128a22515a1e42d7fd608db0434de366816debf0aa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vulcan-delphinus-protoplanetarydisk-gatsby (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b24d971495291e83f1b4c4e45bbbcca2ecbe2a09313935b9aa7b391db4d8be1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in augmentedreality-mesosphere-style-loader-registry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c1d853c7a12b620222d28136b0607993451c0a2b585bdb1e76a0f9f242509ee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in entanglement-jasmine-seismology-nucleosynthesis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6c9ccd83a96385818a27d8b5a66cfe8783c5d31de6b3b174068672cb1c3b5cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in paleoclimatology-eventhoriz-areology-higgs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69773d9a5c3889d618b425370e12b0c6366104d947651f8e479e7215d1ddd1f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...