Malicious code in @hover-design/react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50c066ac501de3af9fd156e23b5fb0317b633da301c4cf66b12f2ae8429e0970 The package @hover-design/react was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191227 Malicious code in @hover-design/react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50c066ac501de3af9fd156e23b5fb0317b633da301c4cf66b12f2ae8429e0970 The package @hover-design/react was found to contain malicious code. Source: ghsa-malware...

@hover-design/react (>=0.2.1-beta <=0.2.4-beta) potentially affected by unknown CVE via @hover-design/core (=0.0.1-beta)

@hover-design/core NPM version =0.0.1-beta is affected by a known vulnerability. The following packages have a transitive dependency on @hover-design/core and may be impacted: - @hover-design/react =0.2.1-beta, =0.2.4-beta Source cves: unknown CVE Source advisory: OSV:MAL-2025-191226...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...