I'm a cybersecurity researcher developing PackjGuard [1]. Our tool has detected a dependency confusion vulnerability in this repository.
The package @getnova/components mentioned in the README at line 19 does not exist on the public NPM registry. A bad actor can hijack this package to propagate malicious code.
Not only are your apps/services vulnerable to this attack, but the users of your open-source GitHub repo are also vulnerable to this attack.
Please register a placeholder package for @getnova/components on public NPM soon to remediate.
Thanks!
[1] PackjGuard is a GitHub app that monitors repos for malicious/vulnerable dependencies and mitigates attacks by creating pull requests for automatic remediation: https://github.com/marketplace/packjguard
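A maintainer can reproduce this kind of finding on their own repository. The following is an added example, not part of the issue above and not PackjGuard's code: it extracts package names from install commands in a README and reports those the public registry does not know. The function names and the sample README are assumptions made for illustration.

```javascript
// Added example. Audits install commands in a README for package names
// that nobody has registered on the public npm registry.
const INSTALL_RE =
  /^\s*(?:\$\s*)?(?:npm\s+(?:install|i|add)|yarn\s+add|pnpm\s+(?:add|install))\s+(.+)$/;
// Registry package name, optionally scoped, optionally with @version or @tag.
const NAME_RE =
  /^((?:@[a-z0-9~-][a-z0-9._~-]*\/)?[a-z0-9~-][a-z0-9._~-]*)(?:@\S+)?$/;

// Returns Map(name -> 1-based line of first mention).
function extractPackages(readme) {
  const found = new Map();
  readme.split(/\r?\n/).forEach((line, idx) => {
    const m = INSTALL_RE.exec(line);
    if (!m) return;
    // Ignore anything after a shell separator or comment.
    const args = m[1].split(/\s*(?:&&|\|\||[;|#])/)[0];
    for (const token of args.trim().split(/\s+/)) {
      if (token.startsWith('-')) continue; // flags such as --save-dev
      const n = NAME_RE.exec(token); // rejects paths, URLs, user/repo
      if (n && !found.has(n[1])) found.set(n[1], idx + 1);
    }
  });
  return found;
}

// Default lookup: the public registry answers 404 for an unknown name.
async function existsOnPublicRegistry(name) {
  const url = 'https://registry.npmjs.org/' + name.replace('/', '%2F');
  const res = await fetch(url);
  if (res.status === 404) return false;
  if (res.ok) return true;
  throw new Error(`registry returned ${res.status} for ${name}`);
}

async function findUnclaimed(readme, exists = existsOnPublicRegistry) {
  const unclaimed = [];
  for (const [name, line] of extractPackages(readme)) {
    if (!(await exists(name))) unclaimed.push({ name, line });
  }
  return unclaimed;
}

// Constructed sample input, not the repository's actual README.
const SAMPLE_README = [
  '# Example project',
  '',
  '$ npm install --save @getnova/components react@18.2.0',
  'yarn add ./packages/local-lib lodash && yarn build',
].join('\n');
```

Calling `findUnclaimed(readmeText)` with no second argument queries registry.npmjs.org; pass a stub lookup to run it offline.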