npm · Malicious package advisory
Malware@pkgr/core
MAL-2025-6021
Malicious code in @pkgr/core (npm)
Details
This package installs a windows based malware file node-gyp.dll via install.js
Compromised versions (1)
- 0.2.8
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.