VYPR

npm · Malicious package advisory

Malware

napi-postinstall

MAL-2025-6025

Malicious code in napi-postinstall (npm)

Details

This package installs a windows based malware file node-gyp.dll via install.js

Compromised versions (1)

  • 0.3.1

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.