npm · Malicious package advisory
Malwaresynckit
MAL-2025-6026
Malicious code in synckit (npm)
Details
This package installs a windows based malware file node-gyp.dll via install.js
Compromised versions (1)
- 0.11.9
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.