yasap-lodash@0.0.1-security vulnerabilities

security holding package

latest version

0.0.1-security
first published

2 years ago
latest version published

2 years ago
licenses detected
- Unknown
  >=0
View yasap-lodash package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the yasap-lodash package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Malicious Package yasap-lodash is a malicious package. This is a typo-squatting attack, which means the package name is based on the existing repositories, namespaces, or components. It aims to trick users into downloading a package that contains malicious code. This targets popular Yandex packages and contains malicious code in the preinstall command which allows sending sensitive information about the system and user to a remote server. How to fix Malicious Package? Avoid using all malicious instances of the `yasap-lodash` package.	*

Malicious Package

yasap-lodash is a malicious package. This is a typo-squatting attack, which means the package name is based on the existing repositories, namespaces, or components. It aims to trick users into downloading a package that contains malicious code.

This targets popular Yandex packages and contains malicious code in the preinstall command which allows sending sensitive information about the system and user to a remote server.

How to fix Malicious Package?

Avoid using all malicious instances of the yasap-lodash package.

Go back to all versions of this package

yasap-lodash@0.0.1-security vulnerabilities

security holding package

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities