MAL-2022-4049 Malicious code in jquerry (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e6621de25a09d367339e4f62396aa977577ce456706c54bffefc8207bdadf871 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in jquerry (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e6621de25a09d367339e4f62396aa977577ce456706c54bffefc8207bdadf871 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

hello_sf_pkg (=1.0.0), sf-b9.2-test-npm (>=1.2.0 <=1.3.0) +3 more potentially affected by unknown CVE via jquerry (=0.0.1-security)

jquerry NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on jquerry and may be impacted: - hellosfpkg =1.0.0 - sf-b9.2-test-npm =1.2.0, =1.3.0 - sfgittestpackage =1.0.0 - sfgittestpackage2 =1.0.0 - web3bruh =0.0.0 Source cves:...

Malicious Package

Overview All versions of jquerry contain malicious code. The index.js file appears to download and execute a crypto mining script. The file is not run upon installation - the package needs to be required or the index.js run manually. Recommendation Any computer that has this package installed or...