2 matches found
Malicious code in logpeck (npm)
---
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis a4211ee8e232512f2d7fd8b78017d04589e493ba03994dd3a4cebc62898d2820
The OpenSSF Package Analysis project identified 'logpeck' @ 4.4.0 npm as malicious. It is considered malicious because:
- The package communicat...
Malicious Package
Overview
logpeck is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...