VYPR

npm · Malicious package advisory

Malware

@frostnode/probe

MAL-2026-6304

Malicious code in @frostnode/probe (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (7a143792d6fce9dfc36bbd2f99c44710055d4f0be6408ed046fb4ea4ea2e86f3)
No suspicious behaviors were observed in this package version. There are no install-time lifecycle hooks fetching or executing remote code, no credential or environment scraping, no hardcoded attacker-controlled endpoints, and no silent-relay patterns in the package's code paths.

Compromised versions (1)

  • 0.0.1

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.