@slidev-react/cli (>=0.4.6 <=0.4.14), @slidev-react/node (>=0.4.6 <=0.4.14) potentially affected by CVE-2026-39365 via vite-plus (=0.1.11)

vite-plus NPM version =0.1.11 is affected by a known vulnerability. The following packages have a transitive dependency on vite-plus and may be impacted: - @slidev-react/cli =0.4.6, =0.4.6, =0.4.14 Source cves: CVE-2026-39365 Source advisory: SNYK:JS-VITEPLUS-15922214...

@slidev-react/cli (>=0.4.6 <=0.4.14), @slidev-react/node (>=0.4.6 <=0.4.14) potentially affected by CVE-2026-39364 via vite-plus (=0.1.11)

vite-plus NPM version =0.1.11 is affected by a known vulnerability. The following packages have a transitive dependency on vite-plus and may be impacted: - @slidev-react/cli =0.4.6, =0.4.6, =0.4.14 Source cves: CVE-2026-39364 Source advisory: SNYK:JS-VITEPLUS-15922246...

@slidev-react/cli (>=0.4.6 <=0.4.14), @slidev-react/node (>=0.4.6 <=0.4.14) potentially affected by CVE-2026-39363 via vite-plus (=0.1.11)

vite-plus NPM version =0.1.11 is affected by a known vulnerability. The following packages have a transitive dependency on vite-plus and may be impacted: - @slidev-react/cli =0.4.6, =0.4.6, =0.4.14 Source cves: CVE-2026-39363 Source advisory: SNYK:JS-VITEPLUS-15922243...

@bloggrify/bento (>=0.9.5 <=1.0.0), @bloggrify/core (>=1.6.0 <=2.0.2) +29 more potentially affected by CVE-2025-69874 via nanotar (=0.1.1)

nanotar NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on nanotar and may be impacted: - @bloggrify/bento =0.9.5, =1.6.0, =1.3.1, =1.2.2, =0.1.2, =51.0.1, =0.3.14, =9.8.3, =1.12.0-rc.5, =0.0.0, =1.1.1, =0.50.0, =0.50.0, =51.0.2 and mor...

Malicious code in aquarius-slidev-equinox-procyon (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa0b4b93c5880a11a602e472cc9f2c1f1a2fb41779b5d28d02295ae6d2c12554 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176338

Malicious code in slidev-parallax-epimetheus-redis npm...

EUVD-2025-178390

Malicious code in inquirer-technosignature-slidev-sagitta npm...

EUVD-2025-177026

Malicious code in procyon-slidev-process-webpack npm...

EUVD-2025-176427

Malicious code in sequelize-slidev-forever-rollup npm...

EUVD-2025-175889

Malicious code in transport-registry-slidev-upgrade npm...

EUVD-2025-178947

Malicious code in extremophile-slidev-radioastronomy-coronalmassejection npm...

Malicious code in callback-fomalhaut-slidev-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6530e7d524ba18030b212aec51ecb2bc02efc16da675b6d3b84232396518dcf2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in dorado-slidev-hyperion-avior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1d9b51963730a8f63d82b2a36879f53b58198545402e1f775c81363ba94df60 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178864

Malicious code in fork-eslint-slidev-chakra-ui npm...

Malicious code in transport-registry-slidev-upgrade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2660007516964d3692e02aabbe87172c23d0b68035f75d6dfe2d597e17f4948a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179023

Malicious code in ethology-ophiuchus-slidev-markdown-pdf npm...

Malicious code in eris-slidev-iota-css-minimizer-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df597c8562db9900df55e7a3e8d03179009373f184183e35c90f96a6edfe0739 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in neptune-slidev-pulsar-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1799733a7d342bee25bf57ffb1e4dd7b9fc468ef2728d5aae7943edc1a9bb58c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in slidev-odin-charon-pino-pretty (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10a6f20651e71b9191c950fc2cbdba6720c98b9935f61ba97cc07e440604538e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-175435

Malicious code in yonder-sedna-innercore-slidev npm...