MAL-2025-187314 Malicious code in helios-centaurus-juno-lint-staged (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 929260b67680ed0507a691726e1f4f84a5fb3205b6e1217e1356966bbbfa20e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in heka-quito-pipe-eslint-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a3cb45f4fec9cb327be07a8aedced75d54aa818fe1ca99e50e7035a8a620031 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in local-run-script-ophiuchus-global (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bb8344fa0bf708a5d389890c5264e3d60bb553c221469e2dcda9bf9d1a03281 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-126878 Malicious code in gita-miemee46-wekto (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0920912c3694b8786dd714d82d240bc31da34d911ec37b62a475bec5f3a41923 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in erwin-papeda86-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2505a8f349da17b6e82695c83d596735f8c5d68e60b32549b78954054342e0c2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in blushing_raven_replicate_automation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4e4d896c62597a7c1787fd199616dce16f29e0bab169b43099d6d036b85f339 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in irma-tahu21-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2308310033b5d11cb46a67191096b052418c09aa7afdf764797a9e880cb4922d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-107902 Malicious code in renewed_ostrich_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f0d27daec223f62aa8eaa7b49e0f2c07aa8ab01cc83b329a4a686dc0c6ae437 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in basic_mole_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d697b9c0b337713b448a5a90310f9e43aa7757f68332336aa64483f8c2bb8df0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rifqi-kacang83-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e5c8b29659c47cf0456b15f02e0403ceb5772f3a8df070431d3423e65cd60f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-82065 Malicious code in vera-sambel51-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea6d28f0b9143adc7a7d0e4ea7247fa7973b2b1244d463f76567990399916b14 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...