3 matches found
Malicious Package
Overview mongoose-geospatial is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...
MAL-2023-1240 Malicious code in mongoose-geospatial (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1ebd1ea357c03a8913204a6a43a5a9025e721beba84eeeddff75d653a4212474 The OpenSSF Package Analysis project identified 'mongoose-geospatial' @ 1.0.0 npm as malicious. It is considered malicious because: - The packag...
Malicious code in mongoose-geospatial (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1ebd1ea357c03a8913204a6a43a5a9025e721beba84eeeddff75d653a4212474 The OpenSSF Package Analysis project identified 'mongoose-geospatial' @ 1.0.0 npm as malicious. It is considered malicious because: - The packag...