MAL-2025-186738 Malicious code in enceladus-sirius-radioastronomy-octans (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24f57bc69c731ec02e2811fda830912031459311f70ab51b01296169cfd7a5c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188495 Malicious code in package-uninstall-scorpius-react-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a74311a498dc54021eb8645f2068701b117d54e9b84519e6d9a51fc46143595 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187459 Malicious code in indus-neptune-typeorm-io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5516309892382b3fb0fe6dd7dffb02a9504ac82c70a818e30c46579076ffb483 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188872 Malicious code in prompts-meissa-lacerta-deneb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c10fd22419fb3d6e178c081f9d5255950af4238612ae142fa4a8d8b98ccd3ed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188893 Malicious code in protoplanetarydisk-prettier-stylelint-jabbah-sagitta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fb0ec18ef13c4eba082ad93c59132fefce6e00204e10ea87e8e9685f5035651 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186390 Malicious code in crust-thuban-archaeogenetics-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1d77d5878eb84187eaac9705aa2e1f130b0c1a6d7d56c13ff36950c3de33028 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189777 Malicious code in supervisor-adonis-epimetheus-rimraf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 031b5317eed45524e3872e8c8ded824692243142391e082542e9e09a09e40c6d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190052 Malicious code in umbriel-zenobia-sedna-odin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b10880c1028577aca2324bcb02cb17d6dcafcf9da7aade9173f0cd6991bed7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187000 Malicious code in float-encrypt-awk-dog-export (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1c90aa27b8b2e55c0c6642bc683065f853ef3a1db966142393bd9fc8f637f11 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186765 Malicious code in enum-interface-grep-reject-debug (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9747adeee551e390a70f8a76ee111fb487d01e20f50b884d50ee6cbe5e0d4f3b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189945 Malicious code in toml-csrf-quark-geodynamo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3982dbf209ee7d6c85aa17c309ca25a440c04ba6066aa91726691826108aebb5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189687 Malicious code in stream-redis-bellatrix-oscillation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d28d234dac2b514572f66ad2ad3ccae3cc70103cf5b2461fedbff81f34bb2353 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189947 Malicious code in toml-json-express-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e3cbd03b3937d2d33a6253b82a0a39f4f6f81fd66eebf439e0d0ec0bf26ce60 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-190066 Malicious code in unuk-gatsby-dysonswarm-izar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f84f98dd91a2ce134aab93b6d61ef65104da91ef0514bfa2d9358081ca7f0ac1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in neutronstar-hologram-volcanology-asteroid (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e16c455d2bae43492d5ad9590dbe8f3ae4aebfbac806f385ed676a3856de3121 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in old-reject-mu-char-decrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 795581f673163aef7e16e1a617f1c1b6d1f1fb115d6ecfba311f73909abab4d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in superagent-loglevel-stop-rest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a6c222ed3fc6b5b431b69951f4f3dec5dc9dc593bbde310b59367cb4130c446 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vuepress-winston-deneb-vulcan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85b680b994c88a74132e41b6149654104412796e59caf936a14b48d70c5e97e4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dotenv-safe-parsec-soap-polaris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e893f8ea331585741d2e799fca6e6967bc3995df4fbfe523ae985a21231bd8c8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sagitta-polaris-configstore-commitlint-config-angular (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8a105ecd8ce1e73138202d04dda63b4869c363dc694a29aa66527412831360b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...