staticlayer@2.0.0

Zero-dependency static file serving middleware with range requests and ETags

  • latest version

    2.0.0

  • first published

    29 days ago

  • latest version published

    27 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the staticlayer package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Malicious Package

    staticlayer is a malicious package. This package is part of a coordinated malicious campaign that conceals a Windows binary dropper. While the package itself might not contain standalone malicious logic and masquerades as a benign micro-utility, it is part of a broader attack and should not be installed. A malicious actor split the execution logic across different npm packages, allowing the attacker to evade per-package reviews and secretly execute a weaponized payload only when the packages are wired together.

    How to fix Malicious Package?

    Avoid using all malicious instances of the staticlayer package.

    *