665 matches found
PT-2026-3410
Summary Since 2017, the default webpack plugins have passed the entire process.env to EnvironmentPlugin. This pattern exposed ALL build environment variables to client-side JavaScript bundles whenever application code or any dependency referenced process.env.VARIABLE NAME. This is not a regressio...
MAL-2025-190916 Malicious code in @tezign/html-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 437929a07e5bc4e0e6dfe545fa858db027aa2ba4e6fa87701a09d5b07277b543 The package @tezign/html-webpack-plugin was found to contain malicious code...
Malicious code in @tezign/html-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 437929a07e5bc4e0e6dfe545fa858db027aa2ba4e6fa87701a09d5b07277b543 The package @tezign/html-webpack-plugin was found to contain malicious code...
EUVD-2025-198960
Malicious code in @tezign/html-webpack-plugin npm...
EUVD-2025-176606
Malicious code in rollup-plugin-chai-soap-terser-webpack-plugin npm...
EUVD-2025-179458
Malicious code in css-minimizer-webpack-plugin-superagent-npm-private npm...
EUVD-2025-179772
Malicious code in changelog-gridsome-perseus-css-minimizer-webpack-plugin npm...
EUVD-2025-177313
Malicious code in parsec-kaus-optimize-css-assets-webpack-plugin-triton npm...
EUVD-2025-179476
Malicious code in csrf-bootes-html-webpack-plugin-ichnology npm...
EUVD-2025-178503
Malicious code in html-webpack-plugin-version-vulcan-rollup npm...
EUVD-2025-177433
Malicious code in optimize-css-assets-webpack-plugin-pm2-lyra-miranda npm...
MAL-2025-187372 Malicious code in html-webpack-plugin-atlas-global-lacerta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d76c400c13c978ef6cec8cf7e638527ede28cbd33c8bdda65e4c91e8e97c489e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187374 Malicious code in html-webpack-plugin-hologram-stream-install (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 07f786614246d2d9d6432c8d36c1015a7c75b9a2b3c99baa78f244a48ad6eb9f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186406 Malicious code in csrf-bootes-html-webpack-plugin-ichnology (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42e683c14d1e59c58cadcd514400f46ff49670101cb068cc2ecf1d95b413dcf9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188264 Malicious code in nextjs-html-webpack-plugin-express-gemini (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b3221eb423eac0b572d326e1984f49231a18c9d5791b59c0f4a62fa33add06e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185824 Malicious code in biomimicry-epigenetics-rimraf-html-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b99d6b16ce5f9ad8a4b63643f29ff2a163289920ad64bab9677fc22fda67ddb0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177618
Malicious code in nextjs-html-webpack-plugin-express-gemini npm...
MAL-2025-189875 Malicious code in terser-webpack-plugin-nestjs-umbriel-cluster (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce5383d1d73e04c37c0a2d6b250a999810d40f5479e51250c1e31ccd8bde1485 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187937 Malicious code in markdown-relay-optimize-css-assets-webpack-plugin-neutrino (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 814d9c5cb9e62fb3014607e0cc8e6b132834d0f216d57d6a055d9aba26c110d2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-187972 Malicious code in meissa-optimize-css-assets-webpack-plugin-express-lint-staged (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3eedff5af78c38d953cd8a24a97713690a208d01ffa5df7018314e5f3ba5667 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...