Malicious code in signal-star-benchmark-report-small (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0673039fa65b37bfe01eddec1af15894215ced0879b993d1568ac9ea76e07d9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in equinox-sass-loader-global-nestjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c598cba85983700b376ae65af350b9c9e8d3c93e46a7d3ad8ddc8430972cf8d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bootstrap-semantic-release-pulsar-koa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6105ade3946c0a9b9a29cac5be3458e9ab96773616c0e664047e26dcd915a13b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in table-old-sun-await-decode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fff252c7519516e755af569d60b67bb3cbe754fc47400f464b2f0a3628ac9d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in moon-small-nu-rain-static (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fcf2a1dc5076c624ca43163bb493e90fd98998b7c3805d3aa5c9f1f5817c3db This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in archaeogenetics-xenos-telesto-tectonophysics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27da6b5fd36366bdf4dc7b0f00159a6daba029c6322eae8913d87161aaa6a6b3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in docusaurus-thermosphere-aquarius-rehype (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9cff65c97dcfbf5b82d994578654a3152ecc637488be528804a85e738be615d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in terraforming-nebula-cordelia-virtualreality (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c189c82723ce5a436c8482e4184626a3def10827f7f0f3bd4cb2a84f806b4040 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in zenobia-terser-chromedriver-paleoclimatology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94f6befabd5e1c3a45c07315f720e6099a8015a0b8720eb8aa31782ee0070b8e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in kernel-stack-grep-zero-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8586af4b87f0584e7f4565c38a5854e41b7072c3d9a2187bdaf4eed44194e82 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in selenology-dione-envconfig-avior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58446230808fb30c9c6d9ddd433a5054ef4d641b42fc35972fa47ede2fec4431 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in browserify-cosmiconfig-testcafe-await (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfff5428f531d2e4567d0a397bb6f4305ee3665f448b346444bc1f04b258b597 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nu-double-import-theta-old (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cac277cdb2603c0d0004386887eb6afc11277f7f1255244070b236987bb24bdf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in import-uglify-shell-assert-key (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d50bd88fd1544b70a1e57fc9c10d6058a210842a8d2f61d9caa28c034c05fd7e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in zephyr-yakutsk-update-fornax (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4056139ea2e6931e54f1dbb6be8565d9c94ad19a8e4cc44520c8df7a00ac25f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in toml-terser-webpack-plugin-process-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 108235f2670a8c48b92eae1fda9fbf2849586da19df4677671f9ef5128bb5219 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in radiant-toml-primatology-dotenv-safe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26e736c0f15dac33a2a045f08b15563499e027f9774ffeffc83ca24ee39b69a3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in meteor-cache-fomalhaut-winston (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0462fe49c99304144ad4d9f3b517e441c06daad585939395d80b64f71ac5e537 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in eclipse-triton-avior-yonder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e452f33f4d946135197dd190e23dc7ccad92501decc88c03373713cb28a1fcb2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190158 Malicious code in virgo-framework-dependencies-firebase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0409c65db6f8bd311bf6cb439379b2c52dc1f8fc0a7ab975a69106943fe4e47 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...