2 matches found
Malicious code in not-a-real-dep (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 784465edafb8e247845de45eb1f9c8d0b19b03706e98e861f1a570732d66cba5 The OpenSSF Package Analysis project identified 'not-a-real-dep' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious Package
Overview not-a-real-dep is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...