Malicious code in scuid-x (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0f81b2e690e5ecaa536cc321727566547b6adc4baa770b6b4c7666e29e262e83 The OpenSSF Package Analysis project identified 'scuid-x' @ 1.0.3 npm as malicious. It is considered malicious because: - The package communicat...

Malicious Package

Overview scuid-x is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...