Malicious code in @voiceflow/dtos-interact (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da307584309abbc16bc106ef1077c1719a9496cf4d3fac9cd2843fd76e77f8d6 The package @voiceflow/dtos-interact was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-199419

Malicious code in @voiceflow/dtos-interact npm...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

@voiceflow/react-chat (>=1.59.4 <=2.62.4), @voiceflow/sdk-runtime (>=1.18.1 <=1.29.0-alpha.1) potentially affected by unknown CVE via @voiceflow/dtos-interact (>=1.10.0 <=1.26.0)

@voiceflow/dtos-interact NPM version =1.10.0, =1.59.4, =1.18.1, =1.29.0-alpha.1 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWDTOSINTERACT-14103405...