@uni-cli/cli (>=1.0.6 <=1.0.12), @uni-cli/init (=1.0.12) +1 more potentially affected by unknown CVE via fs-extar (=0.0.1-security)

fs-extar NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on fs-extar and may be impacted: - @uni-cli/cli =1.0.6, =1.0.12 - @uni-cli/init =1.0.12 - hwsz-tools =1.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-21006...

Malicious code in fs-extar (npm)

The package fs-extar was found to contain malicious code...

MAL-2025-21006 Malicious code in fs-extar (npm)

The package fs-extar was found to contain malicious code...

@uni-cli/cli (>=1.0.6 <=1.0.12), @uni-cli/init (=1.0.12) +1 more potentially affected by unknown CVE via fs-extar (=0.0.1-security)

fs-extar NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on fs-extar and may be impacted: - @uni-cli/cli =1.0.6, =1.0.12 - @uni-cli/init =1.0.12 - hwsz-tools =1.0.0 Source cves: unknown CVE Source advisory: OSV:GHSA-435C-QCPM-W...

Malicious Package in fs-extar

All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated...