MAL-2025-146343 Malicious code in polaris-galaxy-dione-css-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fe89b18978b330a37b7d1dbdf56eadbf5e873ddc9b39a4676a80187c71923c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148591 Malicious code in testcafe-css-loader-uglify-js-tailwindcss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b040a662f7e8b05e1b6d1cf3784fc142e5ab38537763c5ba7fe1b304a1f7eaaa This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146391 Malicious code in postcss-loader-css-minimizer-webpack-plugin-achernar-barnard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cfd5bb703b8e57411fa94222b918c4cd6f4d263eb9ae29e98c2aa60912ac969b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149762 Malicious code in yakutsk-chai-css-minimizer-webpack-plugin-mutation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5302087986235bd39e060db5a14525c740168f2e57d7920582b9991970f2ade5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141305 Malicious code in css-loader-hapi-webpack-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 206c0e0e9e26400badf51e77a0da3c872553ce721b95403abc7cd4bee874bcd5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146163 Malicious code in phoebe-mongodb-css-loader-inquirer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a00f85415c125221be192b7593c512d4ec86e74fba8dc5716204f0276c44d2b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146349 Malicious code in polaris-jabbah-hermes-css-minimizer-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e89da1dae41a7ae32c18eca5e6979e685dd654c9c55d76cee9c556388ceaa2cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147781 Malicious code in sedna-parcel-css-loader-materialize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 890b20fdeac58083ea4dc8ac0159ee633ef660eb39bd5b22367ef4442d9424b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141300 Malicious code in css-loader-cygnus-restart-cluster (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b023999bb7860791d70cbb22c24dc0e3793a114e9a7edcfd7d4cea97c2f2d667 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142759 Malicious code in gacrux-css-minimizer-webpack-plugin-flare-flare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc8b4a91227e773e130eae13bfb68e4884b8fad2f307cf3ea714f2a8819940e2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-146937 Malicious code in quark-sass-loader-tethys-css-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 116c1347633b8d82c9e598f6bbd05698b5712a0a16af782398747926b03a2c4d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148352 Malicious code in subscription-css-minimizer-webpack-plugin-carpo-lynx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4650e80b2c1aaee9d51649d798ab8b1dcd57d9d7758ab69e3f31252ae44e3485 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144970 Malicious code in mini-css-extract-plugin-capella-lacerta-castor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1b5bc74934a8bac1cf36c483b27d6fbdb0ad09d79f4471cbac2695209ecf5b5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in babel-rehype-mini-css-extract-plugin-aether (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a1fc500675fae07b9a876c104374b27b82820a5d8bcfaad02b275aa0426a718 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-122515

Malicious code in reveal-md-flare-kastra-css-loader npm...

Malicious code in sedna-command-optimize-css-assets-webpack-plugin-eslint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 657c3f7f826ca07b971146b54b59d5bd56705c8d153915fedf99957885136a6f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141335 Malicious code in css-minimizer-webpack-plugin-ursa-hexo-antares (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 638e5940c3692e0184723af4b60b6ab2fc2f47716e729018664d180a463eb807 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141304 Malicious code in css-loader-gridsome-postcss-loader-yaml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b76708fe5d0a2195e1d55421d5eb35a7bfcffe8ce7ea160c4bdd464e0fe4702b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142098 Malicious code in epimetheus-mini-css-extract-plugin-barnard-apollo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1cfcb545559f2996c7f4a71f9a4e7d0a08c42e31a731215a45e3910b4edabdc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141306 Malicious code in css-loader-kaus-prettier-plugin-markdown-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c520d0a4a8fead49be08d7a48aa69a9c1ca93479e5758acbfae5f2819a1c65ac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...