2.0.0
29 days ago
26 days ago
Known vulnerabilities in the staticlayer package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
staticlayer is a malicious package. This package is part of a coordinated malicious campaign that conceals a Windows binary dropper. While the package itself might not contain standalone malicious logic and masquerades as a benign micro-utility, it is part of a broader attack and should not be installed. A malicious actor split the execution logic across different npm packages, allowing the attacker to evade per-package reviews and secretly execute a weaponized payload only when the packages are wired together. How to fix Malicious Package? Avoid using all malicious instances of the | * |