EUVD-2025-123109

Malicious code in publish-shelljs-hexo-css-loader npm...

EUVD-2025-116905

Malicious code in achernar-geckodriver-element-ui-shelljs npm...

EUVD-2025-115982

Malicious code in bootstrap-shelljs-enif-cassini npm...

EUVD-2025-121997

Malicious code in shelljs-prompts-meteor-pavo npm...

EUVD-2025-115793

Malicious code in callback-reveal-md-xml-shelljs npm...

EUVD-2025-120054

Malicious code in zephyr-airbnb-procyon-shelljs npm...

Malicious code in backend-yildun-fornax-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a40d1de5b24dbb448475870ce97fffe04c4ed911b649262851e279fd42ab9ea This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-113090

Malicious code in gravity-csrf-shelljs-celeste npm...

EUVD-2025-115000

Malicious code in cordelia-shelljs-gulp-optimize-css-assets-webpack-plugin npm...

EUVD-2025-113163

Malicious code in global-shelljs-socketio-passport npm...

MAL-2025-149193 Malicious code in vortex-vulcan-commitlint-config-angular-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 488fcc3bef6ab42a047caf3a6e9d707eefc126e0dd734eaaaaa3ea53b5b917f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147928 Malicious code in shelljs-sedna-kaus-callback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6bd92185d5df059e6ea16e930861c0940b5e505fc65388e18f02aa9ea6e53dc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147930 Malicious code in shelljs-ultra-venus-stop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9801de5bef0e92a080f705b4bb2e883cb39029e1d4442212140cd55decd2c408 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149878 Malicious code in zephyr-airbnb-procyon-shelljs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69b9ef6c0754649729eb5f9e2c42335591b0d749077825d24757eea9c21d2a61 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-115682

Malicious code in carina-rocket-shelljs-rimraf npm...

EUVD-2025-122938

Malicious code in query-webdriver-mocha-version-shelljs npm...

EUVD-2025-115789

Malicious code in callback-shelljs-antares-pavo npm...

Malicious code in shelljs-ursa-fornax-luna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54ce1c16c26faee6a4719982db27d0f6c9f0f3d15357bdea35f8156aeb8e2745 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-122413

Malicious code in rollup-plugin-async-shelljs-procyon npm...

EUVD-2025-123184

Malicious code in proxima-shelljs-rate-limiter-standard npm...