289 matches found
Malicious code in hexo-shoka-swiper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62f045b55721408d94a92f5d65b58d69c98d3dc29d5f4f9327fb8edb4f85eaad The package ships a binding.gyp whose sources field uses GYP command-expansion syntax !... at line 6. npm implicitly runs node-gyp rebuild whenever a...
MAL-2026-6492 Malicious code in hexo-shoka-swiper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62f045b55721408d94a92f5d65b58d69c98d3dc29d5f4f9327fb8edb4f85eaad The package ships a binding.gyp whose sources field uses GYP command-expansion syntax !... at line 6. npm implicitly runs node-gyp rebuild whenever a...
Malicious code in hexo-deployer-wrangler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebc95a6a1ae1e522feabf03446f9791372191e27ca9da454717559b6cc6948eb The package ships a binding.gyp file line 6 containing GYP command-expansion syntax !... inside the targets/sources fields. npm implicitly runs...
MAL-2026-6491 Malicious code in hexo-deployer-wrangler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebc95a6a1ae1e522feabf03446f9791372191e27ca9da454717559b6cc6948eb The package ships a binding.gyp file line 6 containing GYP command-expansion syntax !... inside the targets/sources fields. npm implicitly runs...
EUVD-2025-176275
Malicious code in spawn-scorpius-antares-hexo npm...
Malicious code in dorado-hexo-sqlite-postcss-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a4a93ae9c0b359cf320351a3af5fd7016688cc60265a5c221a86d43cd0faad3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188323 Malicious code in node-sass-slides-koa-hexo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3d901b770938de6417077db7f0e64048574068406c7bf11efcce84fe61d1993 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187354 Malicious code in hexo-phenomic-odin-element-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e24f316c2017efbe3858a178ba430fa5b15695ba388d42bc7350613d60c043be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-180275
Malicious code in async-command-farout-hexo npm...
EUVD-2025-175410
Malicious code in zephyr-local-hexo-meteor npm...
EUVD-2025-179188
Malicious code in elara-hexo-postgres-astrochemistry npm...
Malicious code in lepton-cache-soap-hexo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 540a8b1aab1653ea9186f5db7ed0ff5ad6f8e7fb307f940830c94da18ed1a149 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178527
Malicious code in hexo-publish-hexo-xo npm...
EUVD-2025-178526
Malicious code in hexo-restart-farout-sync npm...
EUVD-2025-179276
Malicious code in dorado-hexo-sqlite-postcss-loader npm...
EUVD-2025-180197
Malicious code in avior-ganymede-backend-hexo npm...
EUVD-2025-180068
Malicious code in biohacking-hexo-nebula-non-blocking npm...
EUVD-2025-177868
Malicious code in meteor-bulma-augmentedreality-hexo npm...
EUVD-2025-178529
Malicious code in hexo-interstellarmedium-spinner-less npm...
Malicious code in dotenv-semantic-ui-fusion-hexo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 584061c298f10964689f1ef6b99e08687def32aa09801e3a0bd33abfa06b5ba3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...