use-rtg (>=1.0.1 <=1.0.3) potentially affected by unknown CVE via observed-bits (=0.3.1)

observed-bits NPM version =0.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on observed-bits and may be impacted: - use-rtg =1.0.1, =1.0.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-28060...

Malicious code in observed-bits (npm)

The package observed-bits was found to contain malicious code...

MAL-2025-28060 Malicious code in observed-bits (npm)

The package observed-bits was found to contain malicious code...