Malicious Package

Overview addon-kit is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

Malicious code in addon-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2cb769bc829ad73185d9dec43b063a45ed4dab7a85aed2152ea5dc9a75328b58 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

webappfind (=0.1.1) potentially affected by unknown CVE via addon-kit (=0.0.1-security)

addon-kit NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on addon-kit and may be impacted: - webappfind =0.1.1 Source cves: unknown CVE Source advisory: OSV:MAL-2022-852...

MAL-2022-852 Malicious code in addon-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2cb769bc829ad73185d9dec43b063a45ed4dab7a85aed2152ea5dc9a75328b58 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...