Malicious code in @voiceflow/sdk-runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94c336d86664e23cb704d71c0c615684279844043450c16ee4bd2e434af95435 The package @voiceflow/sdk-runtime was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191370 Malicious code in @voiceflow/sdk-runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94c336d86664e23cb704d71c0c615684279844043450c16ee4bd2e434af95435 The package @voiceflow/sdk-runtime was found to contain malicious code. Source: ghsa-malware...

@voiceflow/react-chat (>=1.0.0 <=2.62.4) potentially affected by unknown CVE via @voiceflow/sdk-runtime (>=1.10.0 <=1.3.4)

@voiceflow/sdk-runtime NPM version =1.10.0, =1.0.0, =2.62.4 Source cves: unknown CVE Source advisory: SNYK:JS-VOICEFLOWSDKRUNTIME-14103432...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...