Vulnerability	Vulnerable Version
C Embedded Malicious Code Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious `binding.gyp` file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm and RubyGems registry tokens, and GitHub Actions OIDC tokens. The added `package/index.js`, containing the obfuscated payload, is called silently during `npm install` execution, without the use of postinstall scripts. This file is deliberately confused with the legitimate entry point `dist/index.js`, but is not itself an entrypoint. How to fix Embedded Malicious Code? Avoid using all malicious instances of the `awaitly-visualizer` package.	=1.0.1=2.0.2=3.0.1=4.0.1=5.0.1=6.0.1=7.0.1=8.0.1=9.0.1=10.0.1=11.0.1=12.0.1=13.0.1=14.0.1=15.0.1=16.0.1=17.0.1=18.1.1=19.0.1=20.0.2=21.0.1=22.0.2

Embedded Malicious Code

Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm and RubyGems registry tokens, and GitHub Actions OIDC tokens.

The added package/index.js, containing the obfuscated payload, is called silently during npm install execution, without the use of postinstall scripts. This file is deliberately confused with the legitimate entry point dist/index.js, but is not itself an entrypoint.

How to fix Embedded Malicious Code?

Avoid using all malicious instances of the awaitly-visualizer package.

=1.0.1=2.0.2=3.0.1=4.0.1=5.0.1=6.0.1=7.0.1=8.0.1=9.0.1=10.0.1=11.0.1=12.0.1=13.0.1=14.0.1=15.0.1=16.0.1=17.0.1=18.1.1=19.0.1=20.0.2=21.0.1=22.0.2

Go back to all versions of this package