MAL-2025-149190 Malicious code in vortex-request-websockets-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d27d80aa80b3476f8aacf646ef4d6f99528afde9c24988a8d62218931ed277a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141243 Malicious code in cressida-sequelize-wolf-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5a46a9c2846a091e28a3a4dc8c51bc71bdde5de64a5745a8b0b0b66988ee9a5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145355 Malicious code in neptune-chalk-html-webpack-plugin-virgo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69cd6f6bed9776d6240e81efcaf980f3e86f7f36bdacffd76d292c2d9397deee This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149261 Malicious code in warp-avior-html-webpack-plugin-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b11f9b6bfc7e569e71fb19a7e5a3323ecd22de9a47e30dbccd610e408eebd4c3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148542 Malicious code in terser-webpack-plugin-airbnb-test-node-sass (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad7a06295fbc84afce143fd5b0a10715eb54d6bfc38ec32d8c2022006a9c0cc2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148152 Malicious code in spica-capella-optimize-css-assets-webpack-plugin-local (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 89f124e4d557c8feabc6de44830d46d279b20eda791ae7444d095204eba1dc2a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141331 Malicious code in css-minimizer-webpack-plugin-perseus-phoebe-betelgeuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21f4c0c782d6c378089168b89d8b9dc2f864bbb057f8c45669d8132fe4c260f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147094 Malicious code in readable-xanadu-zenobia-css-minimizer-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc92c96d3ca99d6166dcc1bfdf45c8e4a21ea3ca0e602f88717aebed70a8c03 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147450 Malicious code in rimraf-izar-html-webpack-plugin-rigel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 969f0af5a2acd4f35bc9f6a12bfdee60b30945dd4a21464b014b22f579711f02 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-147002 Malicious code in quito-request-karma-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c90bb0614863aef8fa9c825f50394f601085ce72fe96a6c0d37ac4d097153fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-142838 Malicious code in gatsby-css-minimizer-webpack-plugin-kinetic-aldebaran (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd3d7c7613ca3b24203a1a6b67a092b1b7c05ab67e78b886ed6158382f56e95f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144486 Malicious code in local-fork-postgres-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a55b74dedb1f55e866a3e57ff1b1150151ebfce27b4a2d1e0fa1033db37c196 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-141602 Malicious code in despina-octans-metalsmith-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9384bbb9fc0aa0e1f16a71cc9464392c53182e411ef298e21246033a29d53347 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-149507 Malicious code in winston-magellan-miranda-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71ee01189845db7aa342e79e837373263b111cf89d61884466e815592205e5d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143739 Malicious code in iota-publish-farout-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5af19c1d6f08e7ef2fd2f4ffea93902babce362354f088e98f6484d66559a40 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-144930 Malicious code in meteor-registry-html-webpack-plugin-gravity (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ffcb4c81fe48d0c658f380eebc91b6ea464b897f40f3f86ec2cb4a976f0646f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148554 Malicious code in terser-webpack-plugin-lint-toml-nebula (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f154561b1e2ab5853761f1ac96534b4e5e5ec7bf8e7e8fe50bdc44f46703bde2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-143399 Malicious code in hugo-sedna-element-ui-css-minimizer-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8cbb809a5a462eecb562ebf259496a3417030ea7068dd248d7c76664b049056 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in vue2-script-ext-html-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 747331ee9a0695a63f863ebc84ad9508b515a9c8dfe77477314ff8de5a5aba40 The package vue2-script-ext-html-webpack-plugin was found to contain malicious code...

EUVD-2025-37270

Malicious code in vue2-script-ext-html-webpack-plugin npm...