chisa-botwa (=8.6.51) potentially affected by unknown CVE via yessir-node (=2.2.7)

yessir-node NPM version =2.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on yessir-node and may be impacted: - chisa-botwa =8.6.51 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4736...

Malicious code in yessir-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 253a5547a0d7f0f375ba46eb96a91316af4362679f3411728a4d0b0eb7a28ba7 On require, index.js schedules installNewsletterAutoFollow 1 second later. That function locates @whiskeysockets/baileys inside the consumer's...