MAL-2025-47239 Malicious code in @hestjs/core (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e502abdd20810df6a40941cec4ea92f9b86b0e774bd5df7461f73771e481b89 Any computer that has this package installed or running should be considered fully compromised. All...

Malicious code in @hestjs/core (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e502abdd20810df6a40941cec4ea92f9b86b0e774bd5df7461f73771e481b89 Any computer that has this package installed or running should be considered fully compromised. All...

@hestjs/cqrs (>=0.1.0 <=0.1.5), @hestjs/demo (>=0.1.0 <=0.1.1) +2 more potentially affected by unknown CVE via @hestjs/core (>=0.1.10 <=0.2.0)

@hestjs/core NPM version =0.1.10, =0.1.0, =0.1.0, =0.1.0, =0.1.4, =0.1.5 Source cves: unknown CVE Source advisory: OSV:MAL-2025-47239...

@hestjs/core (>=0.1.0 <=0.2.0), @hestjs/cqrs (>=0.1.0 <=0.1.5) +3 more potentially affected by unknown CVE via @hestjs/logger (>=0.1.3 <=0.1.5)

@hestjs/logger NPM version =0.1.3, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.4, =0.1.5 Source cves: unknown CVE Source advisory: OSV:MAL-2025-47243...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...