GMS-2020-448: Malicious Package

September 3, 2020 (updated September 30, 2021)

of rate-map contains malicious code. The malware breaks functionality of the purescript-installer package by rewriting code of the dl-tar dependency. ## Recommendation

There is no indication of further compromise.

References

github.com/advisories/GHSA-x48m-gp6r-gp4v
www.npmjs.com/advisories/1083

Code Behaviors & Features

Detect and mitigate GMS-2020-448 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →