Malicious code in spica-magellan-css-loader-eslint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d8f507c0238aa2b70a6d45190da561364316f170d18e907d2595af4d14721e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-116342

Malicious code in auth0-weywot-colors-css-loader npm...

EUVD-2025-114778

Malicious code in css-minimizer-webpack-plugin-perseus-phoebe-betelgeuse npm...

EUVD-2025-112564

Malicious code in impulse-optimize-css-assets-webpack-plugin-hermes-sedna npm...

Malicious code in deimos-lint-mini-css-extract-plugin-kastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 807c02587c8bfdfb4a5cb0891d69ef15f034064df3bdd7fc4dbc4172fe0544af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-113102

Malicious code in graphql-transport-umbriel-mini-css-extract-plugin npm...

EUVD-2025-111146

Malicious code in mini-css-extract-plugin-callisto-vulcan-apex npm...

EUVD-2025-124720

Malicious code in mui-css-minimizer-webpack-plugin-chariklo-nashira npm...

EUVD-2025-111127

Malicious code in mini-css-extract-plugin-postcss-hapi-protractor npm...

Malicious code in css-loader-spinner-hermes-hydra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8302d0741db7d221e02f8e9ed2a744e8586ed4f7241cb1249ff6f197772e806 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-124064

Malicious code in optimize-css-assets-webpack-plugin-betelgeuse-commitlint-config-angular-apex npm...

Malicious code in optimize-css-assets-webpack-plugin-radiant-aquarius-development (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 913bbf04b9d69140ecb5c9b9f40687172fc561d0617dba209fe8a7a78d5f9062 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in css-minimizer-webpack-plugin-comet-impulse-loop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2036bd03a92e217ea6354ba65928a8ff78ecbf6c59fc278e254c0d1d3153fa76 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-114785

Malicious code in css-minimizer-webpack-plugin-docusaurus-react-bootstrap-dagda npm...

EUVD-2025-116932

Malicious code in acamar-css-loader-style-loader-readable npm...

Malicious code in release-it-optimize-css-assets-webpack-plugin-nextjs-development (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c764c8e1197089b89a69cbb65b46608e4f93bbeb4b959adc6fa58e7f730d0bf6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-114793

Malicious code in css-loader-soap-elektra-andromeda npm...

EUVD-2025-121822

Malicious code in spawn-mira-canopus-optimize-css-assets-webpack-plugin npm...

MAL-2025-143653 Malicious code in inquirer-optimize-css-assets-webpack-plugin-umbra-repository (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b6e103bdf6239a1f4ae1ea1b859a0de9a6bbafe30cb680fe33b95e1adacff57 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144737 Malicious code in materialize-css-loader-install-dagda (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b13edd62a1c3d497a562a02de2b3cc6d3576b08b3540dc41d920894af98afd1f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...