VYPR

npm · Malicious package advisory

Malware

kiota-typescript

MAL-2025-68

Malicious code in kiota-typescript (npm)

Details

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain.

---
_-= Per source details. Do not edit below this line.=-_

Compromised versions (1)

  • 9.9.9

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.