Malicious code in ember-velcro (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb2c22cbb7ab559c0ac1e61418ae224e561beacb9571166240b4c5249a098dbb Any computer that has this package installed or running should be considered fully compromised. All...

MAL-2025-47311 Malicious code in ember-velcro (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb2c22cbb7ab559c0ac1e61418ae224e561beacb9571166240b4c5249a098dbb Any computer that has this package installed or running should be considered fully compromised. All...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

@crowdstrike/ember-toucan-core (>=0.3.0 <=0.4.6), @frontile/buttons (=0.18.0-alpha.5) +13 more potentially affected by unknown CVE via ember-velcro (=2.2.0)

ember-velcro NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on ember-velcro and may be impacted: - @crowdstrike/ember-toucan-core =0.3.0, =0.17.0-alpha.0, =0.17.0, =0.17.0, =0.17.0, =9.4.0, =8.3.0, =0.1.0, =0.0.4, =0.17.0, =0.0.4, =0.0...

Malicious code in @ember-velcro/monorepo-root (npm)

The package @ember-velcro/monorepo-root was found to contain malicious code...

MAL-2025-42485 Malicious code in @ember-velcro/monorepo-root (npm)

The package @ember-velcro/monorepo-root was found to contain malicious code...