declarative-js (>=0.0.0 <=0.0.2) potentially affected by unknown CVE via join-params (=0.0.0)

join-params NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on join-params and may be impacted: - declarative-js =0.0.0, =0.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-23839...

Malicious code in join-params (npm)

The package join-params was found to contain malicious code...

MAL-2025-23839 Malicious code in join-params (npm)

The package join-params was found to contain malicious code...