yandex-logger-std@0.0.1-security vulnerabilities

security holding package

Direct Vulnerabilities

Known vulnerabilities in the yandex-logger-std package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Malicious Package

yandex-logger-std is a malicious package. This is a typo-squatting attack, which means the package name is based on the existing repositories, namespaces, or components. It aims to trick users into downloading a package that contains malicious code.

This targets popular Yandex packages and contains malicious code in the preinstall command which allows sending sensitive information about the system and user to a remote server.

How to fix Malicious Package?

Avoid using all malicious instances of the yandex-logger-std package.

*