vite-loader-svg@0.0.1-security vulnerabilities
security holding package
latest version
0.0.1-security
first published
13 days ago
latest version published
13 days ago
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the vite-loader-svg package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
vite-loader-svg is a malicious package. This is a "typosquatting" package, which means the package name is based on existing repositories, namespaces, or components, it aims to trick users to download the package which contains a malicious code. This package contains a hex-encoded loader which upon installation collects host metadata, decodes its follow-on script and fetches second-stage malware. How to fix Malicious Package? Avoid using all malicious instances of the | * |
vite-loader-svg is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship. How to fix Malicious Package? Avoid using all malicious instances of the | * |