MAL-2025-185405 Malicious code in airbnb-ariel-spectroscopy-ursa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b19845f065d4c024064f3ec180048657e93ef017b2ffdb1aac5409b028db8f1e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-162590 Malicious code in nokire-genji96 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f04f91b96c0ba28d0ee2215394177cf64c732e778644aa090eb8af8c67460407 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in postgres-spinner-titan-dotenv-parse-variables (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be7660d9bcacc163d4a42e3a4b61caa5d9ebddbbeb182938dffe65d55df730a8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144311 Malicious code in less-html-webpack-plugin-phoebe-neptune (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6233d66c6ce8a24ae4549b43abe8ec5046cc8b0a19973a0bf6447ca912d0408c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147338 Malicious code in rest-altair-csrf-arcturus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10d12f9c3117cd64df99f3421c074d81f3494830740d567162b1decb6a9b9850 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-127117 Malicious code in hanafi-oncom30-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0feacb61d7e0c5f32c00c01143b611879d28f8dfe8712d27a408a6901c0da71b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-98762 Malicious code in injured_bobolink_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2078d7bbcce1bb8f8fb95600fe54b510eecd17674a2b248b82bf02be93e1683 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ade-asinan22-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f82b0b64456f2635ab2af078c1a68d157a7e8e10e2f46145a8610627735e5a57 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in spiritual-indigo-roundworm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20e5c3bcf2d32cef6ef8bebfcda81560ecd4e80b5e827edb529b112e3189b33f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...