Malware in npm package @visma-net-platform/module-navigator

malicious-version-published · active

A malicious npm package, @visma-net-platform/module-navigator, was published containing malware. Any system that installed or ran this package should be considered fully compromised, and all stored secrets and keys should be rotated immediately from a separate, clean machine.

Affected packages

• npm@visma-net-platform/module-navigatorsee advisory

Sources

• ghsahttps://github.com/advisories/GHSA-r344-wgf5-fqf4