MAL-2025-19723 Malicious code in epress (npm)

The package epress was found to contain malicious code...

react-endless (>=1.0.4 <=1.0.6), react-templet (>=1.0.0 <=1.0.3) potentially affected by unknown CVE via epress (=0.0.1-security)

epress NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on epress and may be impacted: - react-endless =1.0.4, =1.0.0, =1.0.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-19723...

Malicious code in epress (npm)

The package epress was found to contain malicious code...

Malicious Package in epress

Version 4.13.2 of epress contains malicious code . The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. Upon require the package attempts to start a cryptocurrency miner using coin-hive. Recommendation Remove the package from you...

react-endless (>=1.0.4 <=1.0.6), react-templet (>=1.0.0 <=1.0.3) potentially affected by unknown CVE via epress (=0.0.1-security)

epress NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on epress and may be impacted: - react-endless =1.0.4, =1.0.0, =1.0.3 Source cves: unknown CVE Source advisory: OSV:GHSA-VF8Q-PW7H-R2X2...

GHSA-VF8Q-PW7H-R2X2 Malicious Package in epress

Version 4.13.2 of epress contains malicious code . The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. Upon require the package attempts to start a cryptocurrency miner using coin-hive. Recommendation Remove the package from you...

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...