Malware in npm package ecto-win-flag-q2m7

malicious-version-published · active

The npm package ecto-win-flag-q2m7 has been identified as containing malware. Any system where it was installed or run should be treated as fully compromised, and all secrets and keys on that system should be rotated immediately from a different machine.

Affected packages

• npmecto-win-flag-q2m7see advisory

Sources

• ghsahttps://github.com/advisories/GHSA-22wq-6mfh-69qv