MAL-2025-107293

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/prior_sparrow-appteadev/MAL-2025-107293.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-107293
Published
2025-11-11T07:44:04Z
Modified
2025-11-11T07:44:04Z
Summary
Malicious code in prior_sparrow-appteadev (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (f3500d170789f980c3d15ccef92e3098d7ab8b169c6744ebd0cf1851e1e3d98d)

This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts (auto.js, autopublish.js, autopublish2.js, autopublish3.js) designed to automatically generate and publish derivative packages with randomized names to inflate developer reputation scores for tea protocol token rewards. The malicious payload modifies package.json to remove private flags, changes version numbers, generates random Indonesian-themed package names (some variants are also in English), and continuously republishes variants to pollute the npm registry.

Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "f3500d170789f980c3d15ccef92e3098d7ab8b169c6744ebd0cf1851e1e3d98d",
            "ranges": [
                {
                    "type": "SEMVER",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "source": "amazon-inspector",
            "modified_time": "2025-11-11T07:44:04Z",
            "import_time": "2025-11-11T07:47:27.974702145Z"
        }
    ]
}
References
Credits

Affected packages

npm / prior_sparrow-appteadev

Package

Name
prior_sparrow-appteadev
View open source insights on deps.dev
Purl
pkg:npm/prior_sparrow-appteadev

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/prior_sparrow-appteadev/MAL-2025-107293.json"