@array-util/nodepull@1.0.3

Install:

  • latest version

    1.1.3

  • first published

    1 months ago

  • latest version published

    15 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @array-util/nodepull package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Malicious Package

    @array-util/nodepull is a malicious package. that installs "socket io" as a remote access trojan (RAT), then fetch a second-stage payload (0001.dat) from the same command-and-control (C2) server and execute it. The C2 is linked to FAMOUS CHOLLIMA, a North Korean (DPRK) group behind the "Contagious Interview" campaign.

    How to fix Malicious Package?

    Avoid using all malicious instances of the @array-util/nodepull package.

    *