EUVD-2025-122945

Malicious code in query-scorpius-meissa-nodejs npm...

Malicious code in carina-transport-nodejs-sirius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9674ba3bb4b51d8d50b8bcffcf19428bbdce221fc44e026cbf3f7e6947c75775 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-112229

Malicious code in javascript-nodejs-lint-staged-build npm...

EUVD-2025-124237

Malicious code in npm-nodejs-umbriel-buffer npm...

EUVD-2025-112716

Malicious code in hugo-prompts-install-nodejs npm...

EUVD-2025-124356

Malicious code in nodejs-frontend-sync-command npm...

EUVD-2025-116788

Malicious code in algol-weywot-loopback-nodejs npm...

EUVD-2025-123841

Malicious code in perseus-dorado-nodejs-farout npm...

EUVD-2025-124355

Malicious code in nodejs-grus-gacrux-auriga npm...

EUVD-2025-115681

Malicious code in carina-transport-nodejs-sirius npm...

EUVD-2025-121176

Malicious code in tool-sails-nodejs-resolvers npm...

Malicious code in hugo-eslint-config-rimraf-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bfccf30b1a5f7c4f96740bbe3fbcbab70e17acf331b86b4d3d94a861e7f4d3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in google-sagitta-nodejs-nightwatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 338abc925116d84e0ecc7c1b0f9dda422e67c5ad6a11245fb5ce6333b89b3a63 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-124353

Malicious code in nodejs-io-jwt-global npm...

Malicious code in start-ursa-nodejs-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 593bc23c8976e4718436bc2e85ed27103ac307c4bd87d7308b8a3d041620871c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in pipe-dynamo-nodejs-stream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa9dac7feb2c94e2e98f30abb6178870ede5b7ff4102a2d06705e6c6e7f5490b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in procyon-nodejs-link-metalsmith (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc6885027c9d224f1ad6b3459b777b2bc5cea2880932235a3b714080e6f01573 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142793 Malicious code in galaxy-nodejs-ultra-wasat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 59f3668b7d034cfc50c80bd3571e04523f59d1da1eb4392fdf1be9e724ce1663 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-123659

Malicious code in pipe-dynamo-nodejs-stream npm...

MAL-2025-140052 Malicious code in blitz-nodejs-postcss-umbra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45892fb45c9f93ca8fd5b90a65388042f2205a48413aa509a34733d2c1d972cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...