Malicious code in @voiceflow/dependency-cruiser-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f310f0649a09ab3e8f8ca155d2067e1f39ad9ac40a987851fd0dd352ffc268fe The package @voiceflow/dependency-cruiser-config was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199420

Malicious code in @voiceflow/dependency-cruiser-config npm...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

@blinkorb/resolute (>=0.0.3 <=0.0.5), @fontoxml/fontoxml-development-tools (>=8.7.0 <=8.15.0-nightly.20251205232845) +17 more potentially affected by unknown CVE via wrap-ansi (=9.0.0)

wrap-ansi NPM version =9.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on wrap-ansi and may be impacted: - @blinkorb/resolute =0.0.3, =8.7.0, =0.1.2, =1.7.6, =1.0.0, =1.0.0, =0.0.2, =0.0.1, =1.0.0, =0.3.1, =1.0.1, =15.1.0, =4.1.0, =4.2.0 and more...