npm · Malicious package advisory
Malware · napi-postinstall
MAL-2025-6025
Malicious code in napi-postinstall (npm)
Details
This package installs a Windows-based malware file, node-gyp.dll, via install.js.
Compromised versions (1)
- 0.3.1
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.
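One way to check a project for the compromised version listed above is to scan its package-lock.json. This is an added example, not part of the advisory; the function name `findCompromised` and the sample lockfile (including the dependency name `example-dep`) are constructed for illustration.

```javascript
// Added example: find lockfile entries pinned to the version named in this advisory.
const BAD = { name: "napi-postinstall", versions: new Set(["0.3.1"]) };

// Takes the text of a package-lock.json and returns the locations that
// resolve to a compromised version. Handles lockfileVersion 2/3 ("packages",
// keyed by install path) and lockfileVersion 1 (nested "dependencies").
function findCompromised(lockText) {
  const lock = JSON.parse(lockText);
  const hits = [];

  // v2/v3: keys look like "node_modules/a/node_modules/napi-postinstall".
  // Aliased installs carry the real package name in meta.name.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || path.split("node_modules/").pop();
    if (name === BAD.name && BAD.versions.has(meta.version)) hits.push(path);
  }

  // v1: walk the nested "dependencies" tree, recording the chain of parents.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === BAD.name && BAD.versions.has(meta.version)) hits.push(here.join(" > "));
      walk(meta.dependencies, here);
    }
  };
  // Skip when "packages" exists: v2 files carry both views of the same tree.
  if (!lock.packages) walk(lock.dependencies, []);

  return hits;
}

// Constructed sample lockfile (not from a real project).
const sample = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/napi-postinstall": { version: "0.3.0" },
    "node_modules/example-dep/node_modules/napi-postinstall": { version: "0.3.1" },
  },
});
console.log(findCompromised(sample));
```

A lockfile only shows what is pinned now, so an empty result does not rule out that a machine installed 0.3.1 earlier.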