apache / cordova

Apache Cordova
https://cordova.apache.org/

APK, malware detected #364

Closed atmanegara closed 1 year ago

atmanegara commented 1 year ago

My APK was detected as malware by Avast/AVG antivirus. Here is my app in the Play Store: https://play.google.com/store/apps/details?id=bkpsdmd.pemkabhst.brbpresensi

[image]

Information please? I build with Cordova 11; plugins that I use:

[image]

breautek commented 1 year ago

There isn't really enough information here to say the cause. You might have to get into contact with AVG to see if they can provide more details on what or why it considers your app a threat.

It could be one of those plugins, it could be a dependency one of those plugins is importing, it could be a sub-dependency of one of those plugins. The point is, it could be anything. In fact, it could even be a false positive by AVG.

If what it considers a threat is reported as a security vulnerability and has a CVE, npm audit may give you a hint as to where to look. But without knowing specific details on what AVG is "finding", you're going on a wild goose chase. NPM Audit is littered with low-risk vulnerabilities that likely don't apply to you, or the app, or may only apply to the development machine but not the actual runtime, so there will likely be noise to sift through.

I'd also suggest running npm upgrade to update your dependency tree with the latest dependencies that packages use, before you run npm audit, which will likely resolve most of any audit issues and reduce that noise.

Since this doesn't describe a bug, I'll be converting this into a Discussion.
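
One way to cut the npm audit noise mentioned in the reply above, as an added example that is not part of the thread or of Cordova's own code: a Node.js filter over the report saved by `npm audit --json`, assuming the npm 7+ report layout. The sample report, the package names and the advisory URLs are constructed placeholders, and `triage` and `directParents` are hypothetical helper names.

```javascript
// Added example: triage `npm audit --json` output (npm 7+ report layout assumed).
// SAMPLE_REPORT is constructed; package names and advisory URLs are placeholders.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": {
      name: "example-parser", severity: "high", isDirect: false,
      via: [{ title: "Prototype pollution", url: "https://example.invalid/advisory-1" }],
      effects: ["cordova-plugin-example"], fixAvailable: true,
    },
    "cordova-plugin-example": {
      name: "cordova-plugin-example", severity: "high", isDirect: true,
      via: ["example-parser"], effects: [], fixAvailable: true,
    },
    "example-logger": {
      name: "example-logger", severity: "low", isDirect: false,
      via: [{ title: "ReDoS in formatter", url: "https://example.invalid/advisory-2" }],
      effects: [], fixAvailable: false,
    },
  },
};

// Follow `effects` upward until reaching packages listed in package.json (isDirect).
function directParents(report, name, seen = new Set()) {
  if (seen.has(name)) return [];
  seen.add(name);
  const entry = report.vulnerabilities[name];
  if (!entry) return [];
  const up = entry.effects.flatMap((e) => directParents(report, e, seen));
  return entry.isDirect ? [name, ...up] : up;
}

// Keep entries that carry their own advisory (an object in `via`) and meet the
// severity floor; entries whose `via` holds only strings are just propagation.
function triage(report, minSeverity = "moderate") {
  const floor = SEVERITY_RANK[minSeverity];
  return Object.values(report.vulnerabilities)
    .map((v) => ({ v, advisories: v.via.filter((x) => typeof x === "object") }))
    .filter(({ v, advisories }) => advisories.length > 0 && SEVERITY_RANK[v.severity] >= floor)
    .map(({ v, advisories }) => ({
      package: v.name,
      severity: v.severity,
      advisories: advisories.map((a) => `${a.title} (${a.url})`),
      pulledInBy: [...new Set(directParents(report, v.name))],
      fixAvailable: Boolean(v.fixAvailable),
    }))
    .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
}

console.log(JSON.stringify(triage(SAMPLE_REPORT), null, 2));
```

On current npm versions, `npm audit --omit=dev --json` leaves development-only dependencies out of the report before this filter is applied.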