3 matches found
EUVD-2025-114394
Malicious code in dotenv-parse-variables-dactyl-hermes-spinner npm...
EUVD-2025-124506
Malicious code in nextjs-figures-hermes-spinner npm...
MAL-2025-141715 Malicious code in dotenv-parse-variables-dactyl-hermes-spinner (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 553918f29ad698a225d2b077fc60b1d34a4522e23490977aae6619892944fad1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...