MAL-2025-188715 Malicious code in pipe-byte-spy-fork-notify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fd87d19caaf820636be34fefdcc3bd3a61cd09787dfd04607c34c5c26a7c25c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190039 Malicious code in umbra-jekyll-foundation-graphql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c106822cf8e3fa26d502751c57e0f20c137335a06eaa078c6724cb7fa72d9938 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187052 Malicious code in frontend-kuiperbelt-proteomics-miranda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c314ade66b9a498126b2a83549889c2c81a192088d4ff4e9dd5b78d8bdd4068 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190351 Malicious code in xanadu-proxima-transport-hermes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4aeb08505911268d5477af6771dde49e5f8b308294908a14422197c264ce684f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188339 Malicious code in non-blocking-luna-axios-pegasus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e90d96a5087b0d86ea97cb4b2dd3fb37497ff4b0f4a61dc835ba9fba5a1215d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190387 Malicious code in xerxes-nuxtjs-enif-superposition (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a3df68c1dbb342fe2e72f7fab9e48410d45a2321d9e4454632ee3c0f2b8aeda This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-185851 Malicious code in blaze-antares-taurus-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ad226b864d7c4e73ea785218719e45d19c4ac3acdb0c4d2a3c0530ff2b85350 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in relay-dagda-sync-graviton (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70e2fa9140c056d951512eeda4b917c4d77a95617f974d632aeae2f8e5465c86 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186077 Malicious code in chai-got-pino-commitizen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d4038eb99c7a3c61857cd8ea91f7024e5f1510152d4f3c6577ad77a0bfbd3b9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188564 Malicious code in parse-kappa-void-proxy-scale (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b3590151b0daf282a28b49f4a481548cae0c6a1f81a39e16698dcd0c0d72bdb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in rho-mu-catch-double-cloud (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce2ad1e3def43f350a2696c66f918e07254dd687bc10518a3202abe7539570a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in slides-photon-nightwatch-stratigraphy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 444e670a73192fcb4bb106568c8db84e3d394ec118dc7e174a44da9d20b5a52b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in publish-yildun-magnetosphere-process (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccb89cf07a1705113e53696ca73ca6a22b8cf88af3bf3ca4a7eeb158514ec49e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in comet-mutation-commitlint-csrf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bd2a460ca0073a03ed3c72112f9aa3039146098c9d9b9c319caad2451f7ab58 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in execute-java-short-cluster-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e0078f37af1918262289019391ff05bf9d93d02c69489efe7d3c4cd18bc998f1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in hercules-css-loader-restart-eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71cc33249cf2dbd5db35e33047b6953ad257e29a19278529523291fbffb2ed6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in xanthus-redis-scripts-fomalhaut (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5378a4c2406d3bf5d4a642721349c3ebe3396f5805ea6a6298f597ae191792cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in transhumanism-blueshift-thuban-geckodriver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42d67c23d5b5afa24d365f038dfc900460ad6920968cb7725c1ff6a31a5a2172 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in helmet-pegasus-non-blocking-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14468cf08644b774f382415ed7ea9da2eca47006b532d6e5389e4ad5a9f45130 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in schema-wasat-development-bellatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea5f6eaa3bd982241d93e268623b9e2a3f9a157067253101f30b132eb97f64f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...