VYPR

npm · Malicious package advisory

Malware

got-fetch

MAL-2025-6024

Malicious code in got-fetch (npm)

Details

This package installs a windows based malware file node-gyp.dll via install.js

Compromised versions (2)

  • 5.1.11
  • 5.1.12

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.