@directus/release-notes-generator (>=2.0.2 <=3.0.0-rc.0), @kcconfigs/commitlint (>=0.1.0-beta.0 <=0.2.0) +76 more potentially affected by CVE-2025-69262 via @pnpm/npm-conf (>=3.0.0 <=3.0.1)

@pnpm/npm-conf NPM version =3.0.0, =2.0.2, =0.1.0-beta.0, =1000.3.5, =1000.0.4, =1000.0.4, =1000.0.4, =1000.1.0, =1002.1.1, =1008.0.2, =1016.0.0 and more Source cves: CVE-2025-69262 Source advisory: SNYK:JS-PNPMNPMCONF-14897556...

EUVD-2025-199423

Malicious code in @voiceflow/commitlint-config npm...

Malicious code in @voiceflow/commitlint-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0318a598c3e523953b57c870305c3d1237a290a253f3d69dd9f24bf6ba079d6e The package @voiceflow/commitlint-config was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-179631

Malicious code in commitlint-config-angular-init-miranda-luna npm...

EUVD-2025-178863

Malicious code in fork-lightyear-commitlint-unuk npm...

EUVD-2025-179406

Malicious code in dagda-technocracy-commitlint-gacrux npm...

EUVD-2025-176917

Malicious code in publish-superagent-rollup-plugin-commitlint npm...

EUVD-2025-179626

Malicious code in commitlint-resolvers-procyon-pm2 npm...

MAL-2025-189615 Malicious code in spectron-webdriver-commitlint-apollo-mysql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2f9393dc8a7a4eaa19f6f45d6cfee1f7b390f6d38c9d5c9e9a13032f53e195c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-186051 Malicious code in centauri-lyra-prompts-commitlint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7b9d80123339b9219c56b928dd260db119229c29a605ff5c389d3b57d4a5d7b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178887

Malicious code in flare-commitlint-hydra-astro npm...

EUVD-2025-177736

Malicious code in multiverse-jsonp-mdx-commitlint-config-angular npm...

EUVD-2025-177567

Malicious code in node-sass-commitlint-lynx-public npm...

EUVD-2025-176998

Malicious code in prosthetics-commitlint-astrobiology-io npm...

EUVD-2025-180329

Malicious code in ariel-callisto-commitlint-config-angular-install npm...

EUVD-2025-179625

Malicious code in commitlint-slides-octans-resolvers npm...

EUVD-2025-176585

Malicious code in run-script-juno-supernova-commitlint npm...

EUVD-2025-177322

Malicious code in parcel-panspermia-commitlint-config-angular-tectonophysics npm...

Malicious code in loopback-remark-cordelia-commitlint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d03050b2cb2866d7de11164971c4591795fadadb14bdf9da6411cc366238b169 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in bellatrix-odin-redis-commitlint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector abb2c6e623c7d9e32f8ec2d22c12a773727da425828e927da38a134bd8f8e17f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...