MAL-2025-189046 Malicious code in quick-serialize-small-bash-delta (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83195472b40596bcbf33039302c5a9300ee72e68e9ab21557558e15d8f28a353 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in itale-adci-yafing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2da81b4e5dbb224e6016e2d76c4109d8aba0acb07d0a5fe66d5387e0c8afea1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in kisut-fafunig-amfacaiufia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14d2d208782d762cce8ba88948f675e66b6d0982f634ee4a48865153689a0839 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-164044 Malicious code in parwo-poke7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fe5ad322b013e0ba4638a82c16d21240d22d7bd967c3e46399e1b6d7338ed45 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pino-pretty-markdown-pdf-altair-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 573304594207ecf8910723db18dc49d6e07edd5c5aee43c6a5ddea60ab7800f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-137167 Malicious code in surya-serimuka52-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26d41428857a7da3874149232297c651ba7e598fa4346f3cf57b0cd756cfba3e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in wicked_echidna_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5770fea9fad6ef178bc6d5af87ee2cd0ba00edd72084aa1fa65347fb68aa6a2d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lisa-brongkos67-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16688ebe1c005e398a3572c3d823af3a2d345e2efa9530a2d7d5dbaa4f8979e2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vitreous-salmon-snake (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d367a7652de0497384529f73d29ebc0c9a72e11de0d4b99b21ea3cd0204ced4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...