289 matches found
Malicious code in hexo-shoka-swiper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62f045b55721408d94a92f5d65b58d69c98d3dc29d5f4f9327fb8edb4f85eaad The package ships a binding.gyp whose sources field uses GYP command-expansion syntax !... at line 6. npm implicitly runs node-gyp rebuild whenever a...
MAL-2026-6492 Malicious code in hexo-shoka-swiper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62f045b55721408d94a92f5d65b58d69c98d3dc29d5f4f9327fb8edb4f85eaad The package ships a binding.gyp whose sources field uses GYP command-expansion syntax !... at line 6. npm implicitly runs node-gyp rebuild whenever a...
Malicious code in hexo-deployer-wrangler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebc95a6a1ae1e522feabf03446f9791372191e27ca9da454717559b6cc6948eb The package ships a binding.gyp file line 6 containing GYP command-expansion syntax !... inside the targets/sources fields. npm implicitly runs...
MAL-2026-6491 Malicious code in hexo-deployer-wrangler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebc95a6a1ae1e522feabf03446f9791372191e27ca9da454717559b6cc6948eb The package ships a binding.gyp file line 6 containing GYP command-expansion syntax !... inside the targets/sources fields. npm implicitly runs...
EUVD-2025-176275
Malicious code in spawn-scorpius-antares-hexo npm...
Malicious code in dorado-hexo-sqlite-postcss-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a4a93ae9c0b359cf320351a3af5fd7016688cc60265a5c221a86d43cd0faad3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178705
Malicious code in global-cassini-hexo-flare npm...
EUVD-2025-180275
Malicious code in async-command-farout-hexo npm...
EUVD-2025-175410
Malicious code in zephyr-local-hexo-meteor npm...
EUVD-2025-179188
Malicious code in elara-hexo-postgres-astrochemistry npm...
Malicious code in lepton-cache-soap-hexo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 540a8b1aab1653ea9186f5db7ed0ff5ad6f8e7fb307f940830c94da18ed1a149 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-175564
Malicious code in wezen-hexo-update-lithosphere npm...
EUVD-2025-177132
Malicious code in playwright-phylogenetics-eigenstate-hexo npm...
EUVD-2025-177109
Malicious code in polaris-playwright-optimize-css-assets-webpack-plugin-hexo npm...
EUVD-2025-178527
Malicious code in hexo-publish-hexo-xo npm...
EUVD-2025-178526
Malicious code in hexo-restart-farout-sync npm...
EUVD-2025-179276
Malicious code in dorado-hexo-sqlite-postcss-loader npm...
EUVD-2025-179253
Malicious code in dotenv-semantic-ui-fusion-hexo npm...
EUVD-2025-180197
Malicious code in avior-ganymede-backend-hexo npm...
EUVD-2025-180068
Malicious code in biohacking-hexo-nebula-non-blocking npm...