MAL-2025-186831 Malicious code in eslint-commitizen-firebase-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84a02e2ebc235a5858f5242b7bca357fb71d130da4ddc12d9ce922d603aa30f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188326 Malicious code in nodejs-hyperion-quito-start (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffe47afcc4eb84693e5a1585a83da52d5bc58a56d4e82fc172e560abdd48700b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188811 Malicious code in prettier-stylelint-got-cosmos-ariel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 191ad1021c21de2e4d2aff52918a87b8c01692e87e5d7d02fa1dd71a2f77ed88 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pulsar-graviton-dotenv-safe-nuxtjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8546f292f3b1587e20ade12f038cbeab5b773d3169b8f6e03f895d8f6dbcb3dd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in compile-validate-sandbox-node-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdc4473c74d323ab1478cebfa6f67c5738a3dc065c1c5261534dc58cc730cb86 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in darkenergy-google-paleoanthropology-thuban (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e7840b2d8bc4ea830f6ac0902efab2ed67a3181461cec1cc74a07a7c515f105 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cosmicsilence-quasar-vulcan-gammarayburst (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 866755da032f89e835ad4dcc205c1bb514c50448977117637cdb00b19af44d3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in despina-photon-nodejs-on (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3152b5d159e60035f53ed829f5362c99844bd6585f8e614ae1b496a79ee78f46 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in electron-pm2-toml-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f39fb8a9d75395b1785a187dc32fd7123d42ea214d0d3cd4f9526ff421b0a685 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in enceladus-got-ultra-centauri (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32239f7dbc5399708cd1356919a8314d11782fff280d08afb68b2a936bd12671 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in java-theta-theta-zero-static (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de583b65b57ab9087f465b92bd3ee216f6f2f543c1cddc1d8ae174441f641f89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in meissa-pavo-asthenosphere-aurora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c245ebc6d662cd2d791c2a665a08b64c0ac325a3faea4ed570146f511d921147 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in miranda-genomics-uninstall-virgo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfeacda2b376daee22f78d9a59bb58433ef352a72d825d0910791a5051064406 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in perseus-selenium-lepton-ganymede (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9bfc1cfbb199ea1ca3bb90c697618a7d74ab51f4a88a59c1319771b74755a06 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pipe-orogeny-await-kaus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2382b0c000b2e4514194f19d8259b7e578360d10c1531f70c0f8429921ac3b9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in publish-adonis-asteroid-acamar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c94420588181dc182ea98ed43b9f6247af8b27913f519ddec433383a013e447 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in publish-superagent-rollup-plugin-commitlint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5549aa2809a51a1689820cd3b387c36f2d9dc197d3cb4f92ae2654b6b95a323d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in registry-apex-seismology-ichnology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bc0e74f615cb57fa334ff9dd070697aeb39697d41fa7ea06d55847b0e2cc7b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in registry-ursa-prettier-plugin-markdown-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bce70a60b982911ae8463ded8b5a8cfc5578f573075e24291265f231dd7d8f9a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in relay-dagda-sync-graviton (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70e2fa9140c056d951512eeda4b917c4d77a95617f974d632aeae2f8e5465c86 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...