Malicious code in fing-react-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4e606602dc2c4b6d0550d90156a68cf31799054412bac90062d266e5bcad3d76 The OpenSSF Package Analysis project identified 'fing-react-components' @ 1.15.0 npm as malicious. It is considered malicious because: - The...

Malicious Package

Overview fing-react-components is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...