tensorflowjs@0.0.1-security vulnerabilities

security holding package

latest version

0.0.1-security

first published

5 months ago

latest version published

5 months ago

View tensorflowjs package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the tensorflowjs package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Malicious Package tensorflowjs is a malicious package. This package contains malicious code that uses a sophisticated typosquatting attack. It employs multi-stage malware with heavy obfuscation to evade detection. The malware's primary function is to steal credentials and capture screenshots from Windows machines. It also establishes a command and control channel via a Discord server. How to fix Malicious Package? Avoid using all malicious instances of the `tensorflowjs` package.	*

Malicious Package

tensorflowjs is a malicious package. This package contains malicious code that uses a sophisticated typosquatting attack. It employs multi-stage malware with heavy obfuscation to evade detection. The malware's primary function is to steal credentials and capture screenshots from Windows machines. It also establishes a command and control channel via a Discord server.

How to fix Malicious Package?

Avoid using all malicious instances of the tensorflowjs package.

Go back to all versions of this package