Malicious code detected in tile.json: This is a typosquatting/dependency confusion attack. The package 'tessl/npm-wdio--types' mimics the legitimate '@wdio/types' package (a WebdriverIO TypeScript definitions package). The naming pattern 'npm-wdio--types' with double dashes is designed to confuse users or automated systems into installing this instead of the real '@wdio/types@9.19.2' package. The 'describes' field explicitly references the legitimate package it's impersonating.