Malicious code in @fake-registry/b (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 47be0b354748c2d14abc42bdd335e4da22324a65c300d85b0fe522705c8e0661 The OpenSSF Package Analysis project identified '@fake-registry/b' @ 4.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2024-7420 Malicious code in @fake-registry/b (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 47be0b354748c2d14abc42bdd335e4da22324a65c300d85b0fe522705c8e0661 The OpenSSF Package Analysis project identified '@fake-registry/b' @ 4.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in @fake-registry/a (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 97c876bbfb1684701b8dc4481892093cd4c86a3dc718debe40811786e4175f57 The OpenSSF Package Analysis project identified '@fake-registry/a' @ 4.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2024-7419 Malicious code in @fake-registry/a (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 97c876bbfb1684701b8dc4481892093cd4c86a3dc718debe40811786e4175f57 The OpenSSF Package Analysis project identified '@fake-registry/a' @ 4.0.0 npm as malicious. It is considered malicious because: - The package...

Artifact Hub has Incorrect Docker Hub registry check

Impact During a security audit of Artifact Hub's code base, a security researcher at OffSec identified a bug in which the registryIsDockerHub function was only checking that the registry domain had the docker.io suffix. Artifact Hub allows providing some Docker credentials that are used to increa...