Snyk has reported that there have been attempts or successful attacks targeting this vulnerability.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsAvoid using mgc altogether.
mgc is a Module Generate Cli
Affected versions of this package are vulnerable to Embedded Malicious Code. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and the author of this package.
The package executes an obfuscated postinstall script setup.js that establishes communication with an external command-and-control server (sfrclak.com:8000). The RAT checks the operating system and drops platform-specific payloads:
After execution, the malware deletes its setup.js script and replaces its own package.json with a clean stub to actively conceal evidence of the attack from post-infection inspection.
If you find any of these persistent files or the node_modules/plain-crypto-js directory, you have been compromised and should no longer trust the system to be safe.