EUVD-2025-199079

Malicious code in hopedraw npm...

MAL-2025-190964 Malicious code in hopedraw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9b92770a39e89559f4745f8c6d264f55c2f56aa858388f2b23fe19d8ac5cfb7 The package hopedraw was found to contain malicious code. Source: ghsa-malware 5816fd13331bdf9cddedac9d250bbe6f4d28bafe88b9bea201c4f6cbbb1f2448 Any...

Malicious code in hopedraw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9b92770a39e89559f4745f8c6d264f55c2f56aa858388f2b23fe19d8ac5cfb7 The package hopedraw was found to contain malicious code. Source: ghsa-malware 5816fd13331bdf9cddedac9d250bbe6f4d28bafe88b9bea201c4f6cbbb1f2448 Any...

hope-mapboxdraw (=0.1.0) potentially affected by unknown CVE via hopedraw (=1.0.2)

hopedraw NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on hopedraw and may be impacted: - hope-mapboxdraw =0.1.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190964...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...