MAL-2025-47150 Malicious code in @nativescript-community/sqlite (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12fdec6c515865f33dafbfd89c6a2e810138eab46fe92d29955d74a13e37567f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

@akylas/nativescript-sqlite (>=3.2.0 <=3.3.11) potentially affected by unknown CVE via @nativescript-community/typeorm (=0.2.29)

@nativescript-community/typeorm NPM version =0.2.29 is affected by a known vulnerability. The following packages have a transitive dependency on @nativescript-community/typeorm and may be impacted: - @akylas/nativescript-sqlite =3.2.0, =3.3.11 Source cves: unknown CVE Source advisory:...