Malicious code in shineout-mobile (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 464fcb75d15a9834db9381502bb0698a424a9423127dc465313aaf6e27b9bbe7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SHEIN: RCE via npm misconfig -- installing internal libraries from the public registry

The following node package has been installed on at least one shein owned build/development server directly from the public npm registry. https://www.npmjs.com/package/shineout-mobile This package should normally be downloaded from the internal shein registry, but a misconfiguration appears to ha...