@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=9.0.4-alpha.2) +18 more potentially affected by CVE-2025-61686 via @remix-run/node (>=2.0.0-pre.0 <=2.17.1)

@remix-run/node NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =6.0.6-alpha.28, =0.1.0, =5.6.0, =5.13.0, =5.6.0, =5.6.0, =0.1.36, =2.0.0, =2.10.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2025-61686 Source advisory: SNYK:JS-REMIXRUNNODE-14908858...

EUVD-2025-176996

Malicious code in prosthetics-leda-mantle-deimos npm...

EUVD-2025-176580

Malicious code in run-script-zenith-mantle-blaze npm...

EUVD-2025-176568

Malicious code in sadr-passport-mantle-meissa npm...

EUVD-2025-177069

Malicious code in prettier-plugin-markdown-mantle-hermes-geodynamo npm...

MAL-2025-188879 Malicious code in prosthetics-leda-mantle-deimos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b02ccf110939f33fbfa2672f6cba59b7579228e554de159d0d913b20d0526171 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-177962

Malicious code in mantle-mini-css-extract-plugin-singularitarianism-areology npm...

Malicious code in nodemon-terser-webpack-plugin-private-mantle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e48a9fd6450f06e90ee5d9956c154c4f2502f33ea2ea4855e7091ec32a7172e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in parallax-chakra-ui-mantle-inquirer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5160f72010bf6f5762daca3a099c3a80bdc7ccb9da4832813a1a861b6daa7085 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-177329

Malicious code in parallax-chakra-ui-mantle-inquirer npm...

EUVD-2025-178591

Malicious code in hawkingradiation-eslint-mantle-lyra npm...

Malicious code in sadr-passport-mantle-meissa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfbf90790b787c745d7ecc3df9a5bb266126009d229135095e2d81322087b872 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188337 Malicious code in nodemon-terser-webpack-plugin-private-mantle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e48a9fd6450f06e90ee5d9956c154c4f2502f33ea2ea4855e7091ec32a7172e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-177965

Malicious code in mantle-achernar-kinetic-whitedwarf npm...

EUVD-2025-178916

Malicious code in figures-mantle-docusaurus-promise npm...

EUVD-2025-177964

Malicious code in mantle-asteroid-charon-quasar npm...

EUVD-2025-177545

Malicious code in nodemon-terser-webpack-plugin-private-mantle npm...

EUVD-2025-179766

Malicious code in changelog-supernova-mantle-hermes npm...

EUVD-2025-177961

Malicious code in mantle-private-mineralogy-morgan npm...

EUVD-2025-177963

Malicious code in mantle-galaxy-vuetify-pm2 npm...