Malicious code execution


An open-source package that runs malicious code refers to a software component or library that is publicly available and distributed under an open-source license, but contains code designed to perform harmful or unauthorized actions on a user's system. These actions may include compromising the security of the system, stealing sensitive information, or causing damage to the user's data or software environment.


The presence of malicious code in open-source packages can have serious consequences for users, including exposure to security vulnerabilities, data breaches, financial losses, and reputational damage.


Remove the package from your dependencies list, disconnect affected devices from the network and report the incident to the relevant authorities in your organization.