Malware in npm package security-env-loader (GHSA-rv4w-rvp6-p6rg)
malicious-version-published · active
The npm package security-env-loader has been identified as malicious. Any machine where it was installed or run should be considered fully compromised, and all secrets and keys on that machine should be rotated immediately from a separate, clean computer.
Affected packages
- npmsecurity-env-loader