hosseinc@0.0.1-security vulnerabilities

security holding package

latest version

0.0.1-security
first published

a year ago
latest version published

a year ago
View hosseinc package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the hosseinc package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Malicious Package hosseinc is a malicious package. This package contains a malware that includes a reverse shell code and binds shell scripts. As these packages are dependancy confusion packages, these packages are malicious if they have been downloaded and installed from the npm repository. Installation of these packages from other repositories or CDNs are likely safe to use. These spoofed packages have no relation to the company or project they are attempting to spoof, and are not published by them or associated with them in any way. Users should verify that the package they are using has been downloaded from the official source and not from the general package distribution repository. Snyk cannot automatically identify where a package has been downloaded from and will mark any use of the package as malicious to allow users to check whether they have been compromised. How to fix Malicious Package? Avoid using all malicious instances of the `hosseinc` package.	*

Malicious Package

hosseinc is a malicious package. This package contains a malware that includes a reverse shell code and binds shell scripts.

As these packages are dependancy confusion packages, these packages are malicious if they have been downloaded and installed from the npm repository. Installation of these packages from other repositories or CDNs are likely safe to use.

These spoofed packages have no relation to the company or project they are attempting to spoof, and are not published by them or associated with them in any way.

Users should verify that the package they are using has been downloaded from the official source and not from the general package distribution repository. Snyk cannot automatically identify where a package has been downloaded from and will mark any use of the package as malicious to allow users to check whether they have been compromised.

How to fix Malicious Package?

Avoid using all malicious instances of the hosseinc package.

Go back to all versions of this package

hosseinc@0.0.1-security vulnerabilities

security holding package

latest version

first published

latest version published

Direct Vulnerabilities