Malware in rxp-js?

[php3ch0]

Just installed package and got a malware critical vulnerability notification

https://github.com/advisories/GHSA-p4fm-f928-rr26

If this a false positive? Please confirm

[icemouton]

This security notice is stil showing up on the latest version from this month.

Please advise ?

[ahumulescu]

Hello,

The advisory is directly linked to the npm library (https://www.npmjs.com/package/rxp-js) which is not owned by Global Payments.

You would want to use the library like you would do it in the old days. Download the final build and reference it in your code via a script tag.