@dev-blinq/cucumber_client (>=1.0.5-amdocs <=1.0.1478-stage) potentially affected by unknown CVE via @dev-blinq/cucumber-js (>=1.0.1-amdocs <=1.0.131-dev)

@dev-blinq/cucumber-js NPM version =1.0.1-amdocs, =1.0.5-amdocs, =1.0.1478-stage Source cves: unknown CVE Source advisory: OSV:MAL-2025-191212...

Malicious code in @dev-blinq/cucumber_client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db4a451970465311f6a1d2b9ac8b4713f2f4ff114aa37c12dd0daff6032c8ab6 The package @dev-blinq/cucumberclient was found to contain malicious code. Source: ghsa-malware...

@dev-blinq/cucumber_client (>=1.0.976-stage <=1.0.1137-dev) potentially affected by unknown CVE via @dev-blinq/cucumber_client (=1.0.1119-stage)

@dev-blinq/cucumberclient NPM version =1.0.1119-stage is affected by a known vulnerability. The following packages have a transitive dependency on @dev-blinq/cucumberclient and may be impacted: - @dev-blinq/cucumberclient =1.0.976-stage, =1.0.1137-dev Source cves: unknown CVE Source advisory:...

EUVD-2025-199324

Malicious code in @dev-blinq/cucumberclient npm...

@dev-blinq/ai-qa-logic (>=1.0.0 <=1.0.18), @dev-blinq/cucumber_client (>=0.0.1 <=1.0.1633-dev) potentially affected by unknown CVE via automation_model (>=1.0.1-amdocs <=1.0.894-dev)

automationmodel NPM version =1.0.1-amdocs, =1.0.0, =0.0.1, =1.0.1633-dev Source cves: unknown CVE Source advisory: OSV:MAL-2025-191066...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...