yandex-logger-std@0.0.1-security vulnerabilities
security holding package
-
latest version
0.0.1-security
-
first published
2 years ago
-
latest version published
2 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the yandex-logger-std package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
yandex-logger-std is a malicious package. This is a typo-squatting attack, which means the package name is based on the existing repositories, namespaces, or components. It aims to trick users into downloading a package that contains malicious code. This targets popular Yandex packages and contains malicious code in the preinstall command which allows sending sensitive information about the system and user to a remote server. How to fix Malicious Package? Avoid using all malicious instances of the |
*
|