Malware in npm package web-dotenv
malicious-version-published · active
The npm package web-dotenv has been identified as malware. Any system that installed or ran this package should be considered fully compromised, and all secrets and keys stored on it should be rotated immediately from a separate, clean machine.
Affected packages
- npmweb-dotenv