This package is a proof of concept to conduct a research. It has been uploaded for test purposes only. Its only function is to confirm the installation of the package on victims machines. The code is not malicious in any way and will be deleted after the
Supply Chain Security
Vulnerability
Quality
Maintenance
License
Known malware
Supply chain riskThis package is malware. We have asked the package registry to remove it.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
Install scripts
Supply chain riskInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
FAQs
This package is a proof of concept to conduct a research. It has been uploaded for test purposes only. Its only function is to confirm the installation of the package on victims machines. The code is not malicious in any way and will be deleted after the
The npm package clpp receives a total of 0 weekly downloads. As such, clpp popularity was classified as not popular.
We found that clpp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10.12.1 introduces a global virtual store for faster installs and new options for managing dependencies with version catalogs.
Security News
Amaro 1.0 lays the groundwork for stable TypeScript support in Node.js, bringing official .ts loading closer to reality.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
