PT-2026-3410

Summary Since 2017, the default webpack plugins have passed the entire process.env to EnvironmentPlugin. This pattern exposed ALL build environment variables to client-side JavaScript bundles whenever application code or any dependency referenced process.env.VARIABLE NAME. This is not a regressio...

Malicious code in @tezign/html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 437929a07e5bc4e0e6dfe545fa858db027aa2ba4e6fa87701a09d5b07277b543 The package @tezign/html-webpack-plugin was found to contain malicious code...

EUVD-2025-198960

Malicious code in @tezign/html-webpack-plugin npm...

MAL-2025-190916 Malicious code in @tezign/html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 437929a07e5bc4e0e6dfe545fa858db027aa2ba4e6fa87701a09d5b07277b543 The package @tezign/html-webpack-plugin was found to contain malicious code...

EUVD-2025-179462

Malicious code in css-minimizer-webpack-plugin-framework-nextjs-upgrade npm...

EUVD-2025-176413

Malicious code in server-filament-framework-css-minimizer-webpack-plugin npm...

EUVD-2025-176600

Malicious code in rollup-plugin-optimize-css-assets-webpack-plugin-bootes-polaris npm...

EUVD-2025-178416

Malicious code in inflation-technocracy-css-minimizer-webpack-plugin-await npm...

EUVD-2025-179454

Malicious code in csv-dysonswarm-aether-optimize-css-assets-webpack-plugin npm...

EUVD-2025-179328

Malicious code in dependencies-dynamo-optimize-css-assets-webpack-plugin-gatsby npm...

EUVD-2025-177433

Malicious code in optimize-css-assets-webpack-plugin-pm2-lyra-miranda npm...

EUVD-2025-178405

Malicious code in init-optimize-css-assets-webpack-plugin-nodejs-grus npm...

EUVD-2025-177041

Malicious code in process-loop-zenobia-optimize-css-assets-webpack-plugin npm...

EUVD-2025-180192

Malicious code in await-async-cluster-terser-webpack-plugin npm...

EUVD-2025-177451

Malicious code in oortcloud-css-minimizer-webpack-plugin-config-cryovolcano npm...

EUVD-2025-180326

Malicious code in ariel-semantic-release-optimize-css-assets-webpack-plugin-prettier-plugin-markdown npm...

EUVD-2025-179354

Malicious code in delphinus-passport-blazar-css-minimizer-webpack-plugin npm...

EUVD-2025-180170

Malicious code in axios-astro-html-webpack-plugin-algol npm...

EUVD-2025-179821

Malicious code in centaurus-farout-html-webpack-plugin-callisto npm...

MAL-2025-189269 Malicious code in rollup-plugin-chai-soap-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 961e8a7cfffd287292e217d76e3379b062907280f409cf0ea9836155a60343e2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...