Malicious code in @rxap/ngx-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e41d94f6e5c522d3783037ae1e8e338ce291027d01211c6c990a0f3a6d8c08bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47455 Malicious code in @rxap/ngx-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e41d94f6e5c522d3783037ae1e8e338ce291027d01211c6c990a0f3a6d8c08bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Embedded Malicious Code

Overview ngx-bootstrap is a package that contains all core Bootstrap components powered by Angular. Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a postinstall script called bundle.js that exfiltrates secrets from the...

Malicious code in ngx-bootstrap (npm)

The package ngx-bootstrap was found have been identified as potentially malicious due to the inclusion of a minified postinstall script. It is considered suspicious because: The script appears to attempt to steal access tokens for npm, GitHub, AWS, GCP, etc. There is no changelog or new tags in t...

MAL-2025-47197 Malicious code in ngx-bootstrap (npm)

The package ngx-bootstrap was found have been identified as potentially malicious due to the inclusion of a minified postinstall script. It is considered suspicious because: The script appears to attempt to steal access tokens for npm, GitHub, AWS, GCP, etc. There is no changelog or new tags in t...

Cross-Site Scripting (XSS)

ngx-bootstrap is vulnerable to cross-site scripting which allows an attacker to inject and execute arbitrary Javascript via the search and highlight functionality within the typeahead component...