665 matches found
PT-2026-3410
Summary Since 2017, the default webpack plugins have passed the entire process.env to EnvironmentPlugin. This pattern exposed ALL build environment variables to client-side JavaScript bundles whenever application code or any dependency referenced process.env.VARIABLE NAME. This is not a regressio...
EUVD-2025-198960
Malicious code in @tezign/html-webpack-plugin npm...
Malicious code in @tezign/html-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 437929a07e5bc4e0e6dfe545fa858db027aa2ba4e6fa87701a09d5b07277b543 The package @tezign/html-webpack-plugin was found to contain malicious code...
MAL-2025-190916 Malicious code in @tezign/html-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 437929a07e5bc4e0e6dfe545fa858db027aa2ba4e6fa87701a09d5b07277b543 The package @tezign/html-webpack-plugin was found to contain malicious code...
EUVD-2025-179457
Malicious code in css-minimizer-webpack-plugin-virtualreality-ignite-node-sass npm...
EUVD-2025-179102
Malicious code in epigenetics-html-webpack-plugin-magellan-augmentedreality npm...
EUVD-2025-176413
Malicious code in server-filament-framework-css-minimizer-webpack-plugin npm...
EUVD-2025-176606
Malicious code in rollup-plugin-chai-soap-terser-webpack-plugin npm...
EUVD-2025-176604
Malicious code in rollup-plugin-html-webpack-plugin-cordelia-rollup npm...
EUVD-2025-179933
Malicious code in bunyan-redis-capella-html-webpack-plugin npm...
EUVD-2025-179458
Malicious code in css-minimizer-webpack-plugin-superagent-npm-private npm...
MAL-2025-187030 Malicious code in fornax-janus-fusion-css-minimizer-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b0fb880a3bfb6b4d32d650b9778f2bab22b66cda0b72f0639a80bccf3fcd8cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186212 Malicious code in comet-auth-html-webpack-plugin-request (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f5b037c3a10e0eb5d63054a411dd6a2daeb791121c669593b5602687a52454b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189269 Malicious code in rollup-plugin-chai-soap-terser-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 961e8a7cfffd287292e217d76e3379b062907280f409cf0ea9836155a60343e2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185824 Malicious code in biomimicry-epigenetics-rimraf-html-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b99d6b16ce5f9ad8a4b63643f29ff2a163289920ad64bab9677fc22fda67ddb0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187374 Malicious code in html-webpack-plugin-hologram-stream-install (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07f786614246d2d9d6432c8d36c1015a7c75b9a2b3c99baa78f244a48ad6eb9f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185890 Malicious code in bootstrap-futurology-bootstrap-html-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b104189a74b27deed81a647b36a22f7fbca02dfd1483495bc1805ff2b673e36 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in terser-webpack-plugin-delphinus-membrane-cryovolcano (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83f1fbd056f464401107ffa949a75c56dc9110b1b201fa564b844e813212402a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179454
Malicious code in csv-dysonswarm-aether-optimize-css-assets-webpack-plugin npm...
EUVD-2025-179354
Malicious code in delphinus-passport-blazar-css-minimizer-webpack-plugin npm...