EUVD-2025-179253

Malicious code in dotenv-semantic-ui-fusion-hexo npm...

EUVD-2025-175791

Malicious code in upgrade-hexo-gulp-cosmogenic npm...

Malicious code in hexo-phenomic-odin-element-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e24f316c2017efbe3858a178ba430fa5b15695ba388d42bc7350613d60c043be This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in biohacking-hexo-nebula-non-blocking (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 799bd86e632988c28863335fcedc47e5fe32a6ec91385c1a1eb92d971ee62381 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178526

Malicious code in hexo-restart-farout-sync npm...

EUVD-2025-180197

Malicious code in avior-ganymede-backend-hexo npm...

EUVD-2025-176275

Malicious code in spawn-scorpius-antares-hexo npm...

EUVD-2025-178531

Malicious code in hexo-commitlint-config-angular-nuxtjs-neptune npm...

EUVD-2025-179188

Malicious code in elara-hexo-postgres-astrochemistry npm...

EUVD-2025-178717

Malicious code in geodynamo-stop-hexo-markdown-pdf npm...

MAL-2025-187350 Malicious code in hexo-boson-charon-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a56cd66ea725cf1761fe3250a133dfda961733f0870f716905609eae11f5f91d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179276

Malicious code in dorado-hexo-sqlite-postcss-loader npm...

Malicious code in geodynamo-stop-hexo-markdown-pdf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eca0a2915c66dd42a7b4e7dd744b1a10f4f2a0085b8213be501a8ef39cde5d35 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-177109

Malicious code in polaris-playwright-optimize-css-assets-webpack-plugin-hexo npm...

Malicious code in dotenv-semantic-ui-fusion-hexo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 584061c298f10964689f1ef6b99e08687def32aa09801e3a0bd33abfa06b5ba3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-177132

Malicious code in playwright-phylogenetics-eigenstate-hexo npm...

Malicious code in hexo-restart-farout-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5247e16048caf71cba989ce7d7576f498fa66a44e6060ab73d416196f8e68e95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188323 Malicious code in node-sass-slides-koa-hexo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3d901b770938de6417077db7f0e64048574068406c7bf11efcce84fe61d1993 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-187356 Malicious code in hexo-restart-farout-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5247e16048caf71cba989ce7d7576f498fa66a44e6060ab73d416196f8e68e95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-177868

Malicious code in meteor-bulma-augmentedreality-hexo npm...