Malicious Package

Overview react-video-canvas is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-3189 Malicious code in react-video-canvas (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

Malicious code in react-video-canvas (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

Malicious Package

Overview react-video-live-demo is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

Malicious code in react-video-live-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d468d734a18f047e43acca515c76ba9b95e8f540c2898360d01c8b8fe4e1a170 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...