New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
@certd/api
Advanced tools
@certd/api - npm Package Compare versions
+2
-2
| { | ||
| "name": "@certd/api", | ||
| "version": "0.2.1", | ||
| "version": "0.3.0", | ||
| "description": "", | ||
@@ -25,3 +25,3 @@ "main": "src/index.js", | ||
| }, | ||
| "gitHead": "a70b4373def944258f4fde91f313219585a42c21" | ||
| "gitHead": "cfb46a7c2b6816ac5328bc3b6758ebb24688e53b" | ||
| } |
@@ -0,0 +0,0 @@ import _ from 'lodash-es' |
New alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Fixed alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Worsened metrics
- Total package byte prevSize
10228
-0.32%No dependency changes