MAL-2025-190342 Malicious code in winston-writable-betelgeuse-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 618dfd248d0e1ba6168342765507ae920fd0ed18ce8cf28a99a494f55683c3de This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-176742

Malicious code in regulus-eridanus-meissa-winston npm...

MAL-2025-187493 Malicious code in inquirer-winston-commitlint-cosmiconfig (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8d8803b934bddaa10af678e2f1095520a0c5df75893b63ef2fb45b3564318c6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-120411

Malicious code in winston-phoebe-aquarius-aurora npm...

EUVD-2025-120300

Malicious code in xanthus-middleware-sadr-winston npm...

MAL-2025-42145 Malicious code in logging-winston (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0433a58c0d2019ba753b2ac69bc12319ce704bc3fcf7ff537ccea2164e1e8f31 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in node-winston (npm)

The package node-winston was found to contain malicious code...

Malicious code in soap-fetch-sociobiology-winston (npm)

The package soap-fetch-sociobiology-winston was found to contain malicious code...