Malware in npm package "fed-callnative"

malicious-version-published · active

The npm package "fed-callnative" was found to contain malware. Any system with this package installed should be considered fully compromised, and all secrets and keys on that system should be rotated immediately from a different machine.

Affected packages

• npmfed-callnativesee advisory

Sources

• ghsahttps://github.com/advisories/GHSA-hwp4-g2h4-2v7r