EUVD-2025-124360

Malicious code in nodejs-dependencies-unuk-duplex npm...

EUVD-2025-123314

Malicious code in procyon-nodejs-link-metalsmith npm...

EUVD-2025-116390

Malicious code in aurora-tailwindcss-nodejs-lynx npm...

EUVD-2025-120278

Malicious code in xenon-nodejs-tethys-husky npm...

EUVD-2025-124361

Malicious code in nodejs-cygnus-sync-markdown-pdf npm...

EUVD-2025-121962

Malicious code in sirius-nodejs-pino-chalk npm...

Malicious code in google-sagitta-nodejs-nightwatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 338abc925116d84e0ecc7c1b0f9dda422e67c5ad6a11245fb5ce6333b89b3a63 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-120062

Malicious code in zenobia-nodejs-sass-loader-phoenix npm...

Malicious code in convict-query-nodejs-prettier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 947879ab9208e82054fd505807da031763a35a0ff420bdf7e46e98c33eec225d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-124362

Malicious code in nodejs-csrf-dotenv-safe-solis npm...

EUVD-2025-124349

Malicious code in nodejs-mongoose-dotenv-mongoose npm...

Malicious code in hugo-eslint-config-rimraf-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bfccf30b1a5f7c4f96740bbe3fbcbab70e17acf331b86b4d3d94a861e7f4d3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-111756

Malicious code in levels-node-config-nodejs-dione npm...

EUVD-2025-114101

Malicious code in eleventy-nodejs-luna-adonis npm...

EUVD-2025-121090

Malicious code in typeorm-bulma-optimize-css-assets-webpack-plugin-nodejs npm...

EUVD-2025-123950

Malicious code in parcel-sedna-react-bootstrap-nodejs npm...

MAL-2025-141247 Malicious code in cressida-vuepress-nconf-xml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b3fad2a7701e8e70e72d43cee4ad37b3a44e2bbbc521f2696eaf92805c68b54 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148720 Malicious code in toml-nodejs-spinner-uglify-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39b665158c37110255c5be34bbe5ad2da8289d225777f4daeed830c7f915a5d3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145560 Malicious code in nodejs-cygnus-sync-markdown-pdf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83ce14a4ddd7e7d11d764543dc23faf3d5934fb6001941a7c607b55b5975b389 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-123659

Malicious code in pipe-dynamo-nodejs-stream npm...