5 matches found
EUVD-2025-199468
Malicious code in @oku-ui/roving-focus npm...
MAL-2025-191271 Malicious code in @oku-ui/roving-focus (npm)
Source: amazon-inspector ef9c5700b2618856ae03ff24523ae655b9b1014a11d02768b8904387d07da4fc The package @oku-ui/roving-focus was found to contain malicious code. Source: google-open-source-security...
@oku-ui/accordion (>=0.5.0 <=0.6.1), @oku-ui/menu (>=0.6.0 <=0.6.1) +5 more potentially affected by unknown CVE via @oku-ui/roving-focus (=0.6.1)
@oku-ui/roving-focus NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/roving-focus and may be impacted: - @oku-ui/accordion =0.5.0, =0.6.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.6.1 Source cves: unknown CVE Source advisor...
@oku-ui/accordion (>=0.5.0 <=0.6.1), @oku-ui/menu (>=0.6.0 <=0.6.1) +8 more potentially affected by unknown CVE via @oku-ui/direction (=0.6.1)
@oku-ui/direction NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/direction and may be impacted: - @oku-ui/accordion =0.5.0, =0.6.0, =0.4.0, =0.4.0, =0.4.0, =0.0.1, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.6.1 Source cves: unknown...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...