MAL-2025-188542 Malicious code in palynology-semantic-release-pulsar-wormhole (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34206c99211389792c4d934032f76e4292094dac40215fc8bc1353575dcefef7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189043 Malicious code in quick-decode-transpile-array-wind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 789be1eb5319667c7103faae653520c2ac40f78ca9957e497f34f7395845b3d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186606 Malicious code in dorado-hexo-sqlite-postcss-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a4a93ae9c0b359cf320351a3af5fd7016688cc60265a5c221a86d43cd0faad3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186351 Malicious code in cosmogenic-genomics-scripts-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ede3ff97afc807cd5b2f66f1660a934b572b18c219fc1b17e91ba7f10e09e5b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187302 Malicious code in heka-buffer-holography-subduction (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05d43fa721efe3264cc084cffea7aa55b2acc8a7e66e03ccdccfd836abdd2771 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189757 Malicious code in superflare-tectonophysics-less-deimos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb1b8da8dc9f41bfa1ba5e27052994c79ef7554a21aa878b14d2a0e3e5b19562 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188061 Malicious code in mira-pino-impulse-adonis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97a1147eb997379acf6a6c10728cc952cf4d610b234389989f89effcc5486ffd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in electron-pm2-toml-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f39fb8a9d75395b1785a187dc32fd7123d42ea214d0d3cd4f9526ff421b0a685 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in publish-postcss-loader-achernar-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7167bde1de257f069e942b993e91cae612193ea9171edcb8a7f3df6aa4653c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189640 Malicious code in stack-compress-nu-zeta-mock (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 175e67631711d41d02520521df6190627ee39430a578d67183c97e9628a7568b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190399 Malicious code in xml-proxima-rest-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a1102d2c7aae26b1696c4937b33f1603f7e0cb43277d6af00d48ae46b44ba92 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nova-chakra-ui-css-loader-eris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33fba34563f447f01ce0f666ca1461181b88fe72fddd18a86916eea8ecf8b6f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in metalsmith-xanthus-react-bootstrap-sequelize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c249cc1d9495c472c96febcbb4aa5275a3ddc5edcbc067eb482c1e37aa6b7cb3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in protractor-stream-frontend-dynamo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0484f67f780b12ef69834da07acf3c1fdf3692c3ebaaf2e4cf41fd024ecdeed3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190205 Malicious code in vulcan-delphinus-protoplanetarydisk-gatsby (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b24d971495291e83f1b4c4e45bbbcca2ecbe2a09313935b9aa7b391db4d8be1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187552 Malicious code in isostasy-meteor-passport-npm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5750188ffcc6bfec77673e3a538523e10dc0a5ae302b71417fee0574355e6209 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in update-proxima-xenobiology-sqlite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a389c341f2920c0cd511d5980bc1b6da96ec9cd4958b7970e42dd5802fffa3a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rimraf-isostasy-algol-paleoanthropology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3481301405182aeda1f115cbdd839ab65c80a8048007b504458f4df9b948c27f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in antares-thermochronology-parallax-blackhole (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1edfdd0642d9a4048a8b1734c5efe86d4bab6e2ec788036da89cafd83cb23f0c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in baryon-ini-biomimicry-entanglement (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd3513dd31103848bc094a4a190c5ad0a85ff4cb3dc49d6174a5d5e91512ba98 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...