MAL-2025-189152 Malicious code in relay-dagda-sync-graviton (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70e2fa9140c056d951512eeda4b917c4d77a95617f974d632aeae2f8e5465c86 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186412 Malicious code in csrf-relay-miranda-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f899356aede6a0e064a4ad0d787f45e899605f276b16981fa45ad710d5d7f054 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187327 Malicious code in helmet-release-it-enceladus-figures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac31376fc97d374897aa40e11086913141414c12cb08ebf5b53dd7f29a6780fa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187225 Malicious code in greatfilter-venus-stream-halley (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2688ecd07f82607da45c4ce63b5e64aab9f8a5cd170454bb2ba16f0dbd1b5a8f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185496 Malicious code in apollo-aldebaran-miranda-install (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6d1896c35173f726b4ec506881e4897c4a13138416fcefbb01ece9e47041a06 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189042 Malicious code in query-sed-hash-mu-link (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5e5ff46385a6c398888d0e98adb6298c90d848a3297da7da247fba314dd47ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190380 Malicious code in xenos-nconf-aurora-redis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3becc1558a04e4d28823447dc8ebf2bb654650dee47d902b2c138cf0f0d3ba20 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185705 Malicious code in awk-minify-minify-proxy-omicron (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1208fc2ae9856f039e6e138fcb07fbd979361c684b17686c6b35f22247a99bf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190358 Malicious code in xanthus-redis-scripts-fomalhaut (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5378a4c2406d3bf5d4a642721349c3ebe3396f5805ea6a6298f597ae191792cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in daemon-function-throw-file-dog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5a73e261a4f17a185bcca6a3ab3abc503be436cc2631043966eea2b64c29a97 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sync-uglify-js-rest-superagent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab95b633e6385faa2ae97803caa076c5aa6894ce8f5a472eb6441b96ae2ea32e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in framework-release-it-fornax-non-blocking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41b7d00319abd576e303397fbe78c43c769e871f30b6725bd501a0203e38c58f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nova-virgo-jasmine-redshift (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58861c5c536b49fbdda4e8bf495e52ae8eea5685b547b5cb54e6d2c7f17b20fe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in corvus-darkmatter-titan-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ee347a8414e37c2db0dd852e5fcce8e90db1d785146cb6c111173d9d2a5b048 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in unix-zeta-star-execute-uglify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c33862756501024f2e8c14ac92df950c1c78a5d1a0d95d1979c172205a8430db This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in weywot-resolvers-vuepress-rollup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bdb11770ab86d295bfb45a4a377949b744a249875509122d45dee4c8f543e66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xo-koa-metalsmith-perseus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bc93d08c628e258a21edbc1a71b39f0d152d7a6764acf3855fe0a3c44f76f60 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in slidev-levels-install-jasmine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09ab6a6244fda69cb617aec284412593aaf95900f028ed41c9805a71c843f185 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in impulse-holography-grunt-sequelize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c28c8183009a08a11188523afcf95bf4a90b317d6e72e29db3fb3800beef2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in neptune-vega-slides-browserify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25682a3ed251ba5db9bb43d5f80a93426e070844ca49a329dde44e797627c644 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...