postcss-optimizer@3.2.4 vulnerabilities

Tool for transforming styles with TS plugins

latest version

3.2.5

first published

2 months ago

latest version published

2 months ago

licenses detected

MIT
>=0

View postcss-optimizer package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the postcss-optimizer package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Malicious Package postcss-optimizer is a malicious package. This package impersonates as the legitimate and widely used `postcss` library but contains the BeaverTail malware, which operates as both an infostealer and a loader. It enables attackers to compromise developers' systems, exfiltrating credentials and sensitive data across Windows, macOS, and Linux environments. How to fix Malicious Package? Avoid using all malicious instances of the `postcss-optimizer` package.	*

Malicious Package

postcss-optimizer is a malicious package. This package impersonates as the legitimate and widely used postcss library but contains the BeaverTail malware, which operates as both an infostealer and a loader. It enables attackers to compromise developers' systems, exfiltrating credentials and sensitive data across Windows, macOS, and Linux environments.

How to fix Malicious Package?

Avoid using all malicious instances of the postcss-optimizer package.

Go back to all versions of this package