GMS-2020-412: Malicious Package

September 1, 2020 (updated October 1, 2021)

nothing-js contained a malicious script that attempted to delete all files when npm test was run. This module has been unpublished from the npm Registry. If you find this module in your environment remove it.

References

github.com/advisories/GHSA-353r-3v84-9pjj
www.npmjs.com/advisories/650

Code Behaviors & Features

Detect and mitigate GMS-2020-412 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →