MAL-2025-188098 Malicious code in module-biomimicry-rollup-comet (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6fa045d9a66f5f630078406a5a9461d4933cfbab47967b212eafc50ee94bff1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185974 Malicious code in callback-elara-hadron-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c5e131353d5f6106fa2496e00f7ad443ad3e792fa0a1d9faf3e536b245446df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187626 Malicious code in json-miranda-karma-auth0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e21153db14daaf54497f5b3ea3e6b717421a572780efa5d938efdcb121cd30f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187341 Malicious code in hermes-browserify-alphard-greatfilter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e30708db9226924c56d46254043ab17828ef65f1ed22ce45bc6353202adddb3d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187486 Malicious code in innercore-yildun-blaze-robotics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c6a67c1532daa0289287aa51f609d0b21a44bca1e258d173afd670f7b9aede7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186849 Malicious code in eslint-plugin-semantic-release-chalk-fusion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7f76b381638ad18356b8c8d18b10785d541bf3b50f7d3ed0032bd37f205212b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cryovolcano-grus-ini-proxima (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd0a229347ff016f9d70393ed03e8a4a921a6e4c86a3a5603209a0d4bd75855e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in private-dorado-grunt-jupiter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f11eb7d0cf109b91dbe253864f2c5180d4dd0f625e3fc93c690844a23ac0b9a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in configstore-mensa-airbnb-quark (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aea25f0555eb5b71193a4d36b243a702294d61ebee8d3a9895e7fa6042639d07 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in query-betelgeuse-nebula-dotenv-safe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 408daa89c70619dc90c25827b6f89e118cc4f1450ae3a3b7e834585362c6c839 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bellatrix-bunyan-neptune-hydra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce65e5c0135f57c3166ec660e1cd8880b62f46a712458d94ef70acb875d1c3db This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in avior-atlas-draco-websockets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a791d62990ebf89a04fbe1533307e4dce1c2a0f5b13b29a8e03a05b77a2226e9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in paleobotany-commitlint-config-angular-ultra-nebula (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b03612e35e536ee1ee10dcdb5d77fc03f05899841dcbee643769e07617aa5f06 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in playwright-asthenosphere-norma-cassini (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 089629ba9b62dac98d9d30189cd349c71d46b60499c74e40ecffea71b6e22c9b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cygnus-winston-geodynamo-biomimicry (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cadb263448d04a72e1a9d5cb278030b6321c2c69658d7a6e011fb6c8b02926af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in code-code-old-reject-cat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c899170e707048f7a4cca5c47d5b69c5e973289a723f30a8f0ca015ae5d82005 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in quasar-astrophysics-less-paleontology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796dd3f919acfff7b29424059d3447b656538e5e1af0de86e836fd39ed3ba4d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in magnetosphere-procyon-neutronstar-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9acfc169a5b8fa5224c2fca025041cb29c7867fff0692c1c961fc225cb8743f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in easy-throw-cron-rho-sanitize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6d96ce449ce210d1cc8716aaaef11b602c714a6a77835e62f277b6ead8df01d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in weywot-astrobiology-biomimicry-postcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33ab409a95035ca69c063d26818d399f9455f7783951de128b164c4b145ac392 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...