2.15.6
1 months ago
26 days ago
Known vulnerabilities in the @thymelab/logfx package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
@thymelab/logfx is a malicious package.
This package contains malicious code and is part of a coordinated npm supply-chain campaign. It ships an obfuscated Impact The infostealer targets crypto wallets, browser credentials, cloud tokens, SSH keys, and developer credentials (npm, Note
How to fix Malicious Package? Avoid using all malicious instances of the | =2.15.3=2.15.4=2.15.5=2.15.6 |