MAL-2022-6976 Malicious code in vscode-npm-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 904311064c7159e4258f6f03cc79e3e8fe4fe2ab84531940d686732f1cd9ed01 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview vscode-npm-script is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the vscode-npm-script package. Credit: Snyk Research...