
5 matches found

vulnersOsv
added 2025/08/14 6:52 p.m., 6 views

@alu0101350158/constant-folding (>=1.0.0 <=1.3.9), @mp-next/build (>=0.0.1-alpha.27 <=0.0.1-alpha.34) +10 more potentially affected by unknown CVE via commmander (=0.0.1-security)

commmander NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on commmander and may be impacted: - @alu0101350158/constant-folding =1.0.0, =0.0.1-alpha.27, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.3 - velzy =0.0.1 - zhoukang-c...

AI score: 5.8
Exploits: 0
OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-17423 Malicious code in commmander (npm)

The package commmander was found to contain malicious code...

AI score: 7.2
Exploits: 0
vulnersOsv
added 2020/09/11 9:13 p.m., 1 view

@alu0101350158/constant-folding (>=1.0.0 <=1.3.9), @mp-next/build (>=0.0.1-alpha.27 <=0.0.1-alpha.34) +10 more potentially affected by unknown CVE via commmander (=0.0.1-security)

commmander NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on commmander and may be impacted: - @alu0101350158/constant-folding =1.0.0, =0.0.1-alpha.27, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.3 - velzy =0.0.1 - zhoukang-c...

AI score: 5.8
Exploits: 0
Github Security Blog
added 2020/09/11 9:13 p.m., 36 views

Malicious Package in commmander

All versions of commmander contain malicious code. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. Upon require, the package attempts to start a cryptocurrency miner using coin-hive. Recommendation: Remove the package from yo...

AI score: 4.4
Exploits: 0, References: 2, Affected Software: 1
OpenVAS
added 2018/06/12 12:0 a.m., 73 views

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescripti...

CVSS: 10, AI score: 7.7, EPSS: 0.01601
Exploits: 4, References: 106