@directus/release-notes-generator (>=2.0.2 <=2.0.4), @kcconfigs/commitlint (>=0.1.0-beta.0 <=0.2.0) +76 more potentially affected by CVE-2025-69262 via @pnpm/npm-conf (>=3.0.0 <=3.0.1)

@pnpm/npm-conf NPM version =3.0.0, =2.0.2, =0.1.0-beta.0, =1000.3.5, =1000.0.4, =1000.0.4, =1000.0.4, =1000.1.0, =1002.1.1, =1008.0.2, =1016.0.0 and more Source cves: CVE-2025-69262 Source advisory: SNYK:JS-PNPMNPMCONF-14897556...

Malicious code in @voiceflow/commitlint-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0318a598c3e523953b57c870305c3d1237a290a253f3d69dd9f24bf6ba079d6e The package @voiceflow/commitlint-config was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199423

Malicious code in @voiceflow/commitlint-config npm...

EUVD-2025-176585

Malicious code in run-script-juno-supernova-commitlint npm...

EUVD-2025-179202

Malicious code in eclipse-parsec-native-commitlint-config-angular npm...

EUVD-2025-177795

Malicious code in mocha-epimetheus-zenith-commitlint-config-angular npm...

Malicious code in commitlint-config-angular-init-miranda-luna (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a99b354cc0e80cf5bfdc8e125674477abcb0f262775850a536241b2b90e9e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179634

Malicious code in commitlint-config-angular-forever-dotenv-parse-variables-google npm...

MAL-2025-189169 Malicious code in remark-barnard-commitlint-loop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78fbc8f80c4eaa1b4e6c6d18faaabd90528b2cd1b8a5e7b7f6333164c23b83cb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-189213 Malicious code in rest-nova-nightwatch-commitlint-config-angular (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 667df92958e84b0615d81c3cbb178f8c117b019ca8357f70aa7c4c9d742be2b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178983

Malicious code in exobiology-callback-commitlint-config-angular-slides npm...

EUVD-2025-176998

Malicious code in prosthetics-commitlint-astrobiology-io npm...

EUVD-2025-175966

Malicious code in thermochronology-gravity-commitlint-element-ui npm...

EUVD-2025-178613

Malicious code in halley-pm2-semantic-ui-commitlint-config-angular npm...

EUVD-2025-179630

Malicious code in commitlint-config-angular-nodejs-carpo-vortex npm...

EUVD-2025-176239

Malicious code in sqlite-telesto-commitlint-figures npm...

EUVD-2025-179628

Malicious code in commitlint-prosthetics-altair-magnetosphere npm...

MAL-2025-186476 Malicious code in dagda-technocracy-commitlint-gacrux (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a5d983e33879369dd931cad741e8149906dfd91e5b8a8b102b534b4b2cea15f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178746

Malicious code in gemini-fornax-commitlint-rest npm...

EUVD-2025-177526

Malicious code in nova-quantum-protractor-commitlint npm...