665 matches found
PT-2026-3410
Summary Since 2017, the default webpack plugins have passed the entire process.env to EnvironmentPlugin. This pattern exposed ALL build environment variables to client-side JavaScript bundles whenever application code or any dependency referenced process.env.VARIABLE NAME. This is not a regressio...
EUVD-2025-198960
Malicious code in @tezign/html-webpack-plugin npm...
MAL-2025-190916 Malicious code in @tezign/html-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 437929a07e5bc4e0e6dfe545fa858db027aa2ba4e6fa87701a09d5b07277b543 The package @tezign/html-webpack-plugin was found to contain malicious code...
Malicious code in @tezign/html-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 437929a07e5bc4e0e6dfe545fa858db027aa2ba4e6fa87701a09d5b07277b543 The package @tezign/html-webpack-plugin was found to contain malicious code...
EUVD-2025-176606
Malicious code in rollup-plugin-chai-soap-terser-webpack-plugin npm...
EUVD-2025-179458
Malicious code in css-minimizer-webpack-plugin-superagent-npm-private npm...
EUVD-2025-179772
Malicious code in changelog-gridsome-perseus-css-minimizer-webpack-plugin npm...
EUVD-2025-179476
Malicious code in csrf-bootes-html-webpack-plugin-ichnology npm...
EUVD-2025-178503
Malicious code in html-webpack-plugin-version-vulcan-rollup npm...
EUVD-2025-177433
Malicious code in optimize-css-assets-webpack-plugin-pm2-lyra-miranda npm...
EUVD-2025-177618
Malicious code in nextjs-html-webpack-plugin-express-gemini npm...
MAL-2025-187378 Malicious code in html-webpack-plugin-vega-atlas-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72fd14fbfa7df3518df196ac7331d4c07644a19e457f73f31be91ee9ab01ce42 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188465 Malicious code in orbit-html-webpack-plugin-xml-docusaurus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08fb8c907f7e235373242f869cd54f573229f75943e3b713df6ab822fa2142e2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189875 Malicious code in terser-webpack-plugin-nestjs-umbriel-cluster (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce5383d1d73e04c37c0a2d6b250a999810d40f5479e51250c1e31ccd8bde1485 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188264 Malicious code in nextjs-html-webpack-plugin-express-gemini (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b3221eb423eac0b572d326e1984f49231a18c9d5791b59c0f4a62fa33add06e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177910
Malicious code in meissa-optimize-css-assets-webpack-plugin-express-lint-staged npm...
EUVD-2025-178745
Malicious code in gemini-gravity-xanadu-css-minimizer-webpack-plugin npm...
EUVD-2025-179393
Malicious code in darkmatter-pegasus-optimize-css-assets-webpack-plugin-andromeda npm...
EUVD-2025-179457
Malicious code in css-minimizer-webpack-plugin-virtualreality-ignite-node-sass npm...
Malicious code in bunyan-redis-capella-html-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56b9ec0c5fa82205dee259b73ad694a1c72663bb5a0d4d0e23c5bbbfbe461f40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...