MAL-2025-186110 Malicious code in changelog-gridsome-perseus-css-minimizer-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 133334c5bcc682926745fc752255a3c1e4da48e8c1e07925a14d0f505ea7526d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-113064

Malicious code in gridsome-optimize-css-assets-webpack-plugin-request-aurora npm...

MAL-2025-143036 Malicious code in gridsome-css-minimizer-webpack-plugin-graphql-cors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae26c88c181d9c55babee3d7420ebd9761f1cc23f179a381d9b81d8f747c8c1c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in kronos-gridsome-eslint-plugin-forever (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d49831c60df02a4ec563dc66764d272a886cb44223adb4887a15af6b9ab643b4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in gridsome-optimize-css-assets-webpack-plugin-request-aurora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f976666400c8581d9105dfe0fb7da5ae6fb7131a6b527569a93b206d34a4c7e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143040 Malicious code in gridsome-eslint-plugin-neptune-quito (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f05892523376040a7b321ac3278985edf9c519d65ebcbe687651dddf10f1f85d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142541 Malicious code in fomalhaut-gridsome-sagitta-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26ae1f421c71ebc6177df930c078eef70cfa8aad7575e2f67abdcb3fafb6637d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143048 Malicious code in gridsome-optimize-css-assets-webpack-plugin-request-aurora (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f976666400c8581d9105dfe0fb7da5ae6fb7131a6b527569a93b206d34a4c7e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143047 Malicious code in gridsome-oauth-bulma-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f07451b678a3fdfbd18a8d0021a392029d22dd35b437bdc15c8d3c07a3555463 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...