npm · Malicious package advisory
Malware: got-fetch
MAL-2025-6024
Malicious code in got-fetch (npm)
Details
This package installs a Windows-based malware file, node-gyp.dll, via install.js.
Compromised versions (2)
- 5.1.11
- 5.1.12
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.
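To check whether a project resolved one of the compromised versions listed above, the following added example (not part of the advisory) scans a parsed package-lock.json in both the flat `packages` layout (lockfileVersion 2 and 3) and the nested `dependencies` layout (lockfileVersion 1). The function name `findCompromised` and the sample lockfiles are constructed for illustration; only the package name and the two versions come from the advisory.

```javascript
// Added example: package name and versions are taken from MAL-2025-6024.
const PACKAGE = "got-fetch";
const COMPROMISED = new Set(["5.1.11", "5.1.12"]);

// Return every location where a parsed package-lock.json pins a compromised version.
function findCompromised(lock) {
  const hits = [];
  const record = (where, version) => {
    if (COMPROMISED.has(version)) hits.push({ where, version });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; "" is the root project.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue;
      // Aliased installs carry the real package name in meta.name.
      const name = meta.name || path.split("node_modules/").pop();
      if (name === PACKAGE) record(path, meta.version);
    }
  } else {
    // lockfileVersion 1: nested dependency tree, walked recursively.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const where = trail ? `${trail} > ${name}` : name;
        if (name === PACKAGE) record(where, meta.version);
        walk(meta.dependencies, where);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfiles (illustrative only, not from the advisory).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/got-fetch": { version: "5.1.12" },
    "node_modules/api-client/node_modules/got-fetch": { version: "5.1.10" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "api-client": { version: "2.0.0", dependencies: { "got-fetch": { version: "5.1.11" } } },
  },
};
console.log(findCompromised(sampleV3), findCompromised(sampleV1));
```

To check a real project, pass the function `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. A clean lockfile today does not clear a machine that installed one of these versions earlier.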