MAL-2025-146635 Malicious code in promise-cressida-link-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55087f73e61906bf5e0de5f431ab2561dc61d4dc847696b9b09fb2b7b812ef23 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145874 Malicious code in optimize-css-assets-webpack-plugin-yildun-hugo-nova (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d40cca4431ebe10a20e76cb02d720527955bc8358a7289cd5744c41ee9d29c0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149394 Malicious code in webpack-colors-xerxes-slidev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dab249f4b1186df6b683ff0bb6ef3da1840b0d65c1ff48b33fef2e5d9cec0feb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143364 Malicious code in html-webpack-plugin-hyperion-vulcan-neptune (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b341a0c15bb2ca0e6a7ae84ac4e02681230227fc30a00d3a2f1af1c0d6f4f74 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139561 Malicious code in aquarius-webpack-ganymede-materialize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f3c8839bc40bff2fc831eed2f2f16a2ede89e3ad0670e7e85bb2645c985847a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148542 Malicious code in terser-webpack-plugin-airbnb-test-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad7a06295fbc84afce143fd5b0a10715eb54d6bfc38ec32d8c2022006a9c0cc2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147094 Malicious code in readable-xanadu-zenobia-css-minimizer-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc92c96d3ca99d6166dcc1bfdf45c8e4a21ea3ca0e602f88717aebed70a8c03 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-139480 Malicious code in apex-html-webpack-plugin-configstore-polaris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 775b8b2c4b1d74cbab0589fdfa152118eaaf2aa7aa84d5514a8cd43e5d42bf6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145476 Malicious code in nightwatch-ophiuchus-html-webpack-plugin-resolvers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afd914900fc67827f00e07c2f5c5fcde3d709bb90a7146f51700c73d01e22125 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143874 Malicious code in jasmine-webpack-cache-ganymede (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5c042d0c0100bbb1803f2909889b6bb8896aa6622806d1239f8271b65ac7101 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146162 Malicious code in phoebe-metalsmith-css-minimizer-webpack-plugin-umbra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c7758742d6ce3f84c41f899059c9fa2f6d10ec4d81abe2446f4316493355a77 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148554 Malicious code in terser-webpack-plugin-lint-toml-nebula (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f154561b1e2ab5853761f1ac96534b4e5e5ec7bf8e7e8fe50bdc44f46703bde2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143739 Malicious code in iota-publish-farout-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5af19c1d6f08e7ef2fd2f4ffea93902babce362354f088e98f6484d66559a40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147002 Malicious code in quito-request-karma-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c90bb0614863aef8fa9c825f50394f601085ce72fe96a6c0d37ac4d097153fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143357 Malicious code in html-webpack-plugin-cache-spawn-jovian (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15fbaa78ca0f18a5e9ed1f2a13da754a46cc25dcf6e512c8966c3e4f105e78f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-140935 Malicious code in commitizen-less-loader-mysql-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1b0ecbb57fc6d6f24d993aca7226c40313a8afa4b924e0eff9c1058e3b64581 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149408 Malicious code in webpack-supervisor-dotenv-vega (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2714d08ed8aff240d888fd65a138d36e56492e01ad10970dd01de5664bd97de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144536 Malicious code in loop-style-loader-webpack-promise (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3c401449ca2d854d6f789383555083c91f77978a2abd1a287fcc81f24166626 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in webpack-sirius-remark-antd (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6f628b8907e950e80fb1ed0d48a93a649bfd242b171a87c339eddd24119c505 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143399 Malicious code in hugo-sedna-element-ui-css-minimizer-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8cbb809a5a462eecb562ebf259496a3417030ea7068dd248d7c76664b049056 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...