3 matches found
@weirdorg/dotenv (>=1.0.1 <=1.0.4) potentially affected by unknown CVE via @weirdorg/config (=1.0.3)
@weirdorg/config NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on @weirdorg/config and may be impacted: - @weirdorg/dotenv =1.0.1, =1.0.4 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4466...
Malicious code in @weirdorg/config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28e2fe6ac03c8e426aeb69f62bf0b2bd4dfdb06a5acee273bb5967186c5504d @weirdorg/config impersonates the widely-used config node-config package, copying its README verbatim including the require'config' usage example. Th...
Malicious code in @weirdorg/dotenv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dce94a089c58246a54a1e4496d323c92bb46dac654e1a1403e875292be94b198 Package is a near-verbatim republication of the popular dotenv library same README, API, and file layout under the @weirdorg/dotenv name. The only...