Malware in npm package @vtmn-play/react

malicious-version-published · active

The npm package @vtmn-play/react has been identified as containing malware. Any system with this package installed should be considered fully compromised, and all secrets stored on it should be rotated immediately from a different machine.

Affected packages

• npm@vtmn-play/reactsee advisory

Sources

• ghsahttps://github.com/advisories/GHSA-vpcv-xpqm-w228