3 matches found
EUVD-2025-199347
Malicious code in @accordproject/concerto-metamodel npm...
MAL-2025-191174 Malicious code in @accordproject/concerto-metamodel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1581131b6f7d752a2f26c167db5c144e33b737febc23f3e156f76a1b68e763ae The package @accordproject/concerto-metamodel was found to contain malicious code. Source: ghsa-malware...
@accordproject/concerto-metamodel contains malware after npm account takeover
On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...