Lucene search
GoogleOSV:MAL-2024-7048HistoryJun 28, 2024 - 4:27 p.m.
Malicious code in @yu-life/react-native-yu-watch (npm)
2024-06-2816:27:14
Google
osv.dev
1
malicious code
yu-life
react-native-yu-watch
npm
1.0.1
security issue
7.3 High
AI Score
Confidence
High
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (461986fa4cbfe6bda33bdb99901a4c0f05e00934b4a3c5b529f1236dba9d4b1b)
The OpenSSF Package Analysis project identified β@yu-life/react-native-yu-watchβ @ 1.0.1 (npm) as malicious.
It is considered malicious because:
-
The package communicates with a domain associated with malicious activity.
-
The package executes one or more commands associated with malicious behavior.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @yu-life/react-native-yu-watch | eq | 1.0.1 |
7.3 High
AI Score
Confidence
High