css-dedoupe (>=0.1.0 <=0.1.1) potentially affected by unknown CVE via obj-to-css (=1.0.1)

obj-to-css NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on obj-to-css and may be impacted: - css-dedoupe =0.1.0, =0.1.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191136...

MAL-2025-190953 Malicious code in css-dedoupe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7708f95527bfb987e5bf71ee911acffc550f40aff1b046d3249c9504c14fd52f The package css-dedoupe was found to contain malicious code. Source: ghsa-malware 9bad835f3386b87b3ce781849db6a96394982d6a092ee635c731d854493dd197 An...

EUVD-2025-199090

Malicious code in css-dedoupe npm...

Malicious code in css-dedoupe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7708f95527bfb987e5bf71ee911acffc550f40aff1b046d3249c9504c14fd52f The package css-dedoupe was found to contain malicious code. Source: ghsa-malware 9bad835f3386b87b3ce781849db6a96394982d6a092ee635c731d854493dd197 An...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

css-dedoupe (>=0.1.0 <=0.1.1) potentially affected by unknown CVE via obj-to-css (=1.0.1)

obj-to-css NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on obj-to-css and may be impacted: - css-dedoupe =0.1.0, =0.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-OBJTOCSS-14103674...