VYPR

npm · Malicious package advisory

Malware

synckit

MAL-2025-6026

Malicious code in synckit (npm)

Details

This package installs a windows based malware file node-gyp.dll via install.js

Compromised versions (1)

  • 0.11.9

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.