@142vip/fairy-cli (>=0.0.3-alpha.19 <=0.0.3-alpha.28), @better-builds/turbo-tools (>=6.0.0 <=7.4.4-beta.2) +14 more potentially affected by CVE-2026-45772 via turbo (>=1.3.1 <=2.9.12)

turbo NPM version =1.3.1, =0.0.3-alpha.19, =6.0.0, =0.1.0, =0.1.0, =1.0.0, =3.0.1, =0.0.0-20220725115922, =0.0.234, =0.3.0, =1.5.1, =0.3.2, =0.5.0, =1.1.0, =1.4.1 - incmix-ui-components =0.0.1 and more Source cves: CVE-2026-45772 Source advisory: OSV:GHSA-3QCW-2RHX-2726...

Malicious code in @ember-velcro/monorepo-root (npm)

The package @ember-velcro/monorepo-root was found to contain malicious code...