This repository has been archived by the owner on Jan 18, 2024. It is now read-only.

Hijacked package 'ua-parser-js' #3938

Closed
yves-bonami opened this issue Oct 22, 2021 · 2 comments

yves-bonami commented Oct 22, 2021

Windows Defender reports multiple malicious files and commands when running expo init.

This seems to be caused by several versions of the ua-parser-js package being hijacked. (See this issue).
The author has requested those packages to be unpublished.

Since I was just following quickstart for the first time, I'm unsure if any action needs to be taken, but it seemed worth mentioning this at least.

@brentvatne
Member

thank you for the notification about this @yves-bonami. it looks like this was pulled in by fbjs transitively and also as a direct dependency of a couple of expo sdk packages. the author of the library has resolved the issue but this may have impacted users during the time period. we will follow up to determine the best course of action.

@brentvatne
Member

here is our blog post on the topic: https://blog.expo.dev/ua-parser-js-and-malicious-npm-packages-8c13ee4141a
