VYPR

npm · Malicious package advisory

Malware

@pkgr/core

MAL-2025-6021

Malicious code in @pkgr/core (npm)

Details

This package installs a windows based malware file node-gyp.dll via install.js

Compromised versions (1)

  • 0.2.8

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.