kuhe
commented
2 months ago This was fixed in https://www.npmjs.com/package/@smithy/eventstream-serde-universal/v/3.0.5 from August 7th.
Closed sspiff closed 2 months ago
kuhe
commented
2 months ago This was fixed in https://www.npmjs.com/package/@smithy/eventstream-serde-universal/v/3.0.5 from August 7th.
phylum.io flags @smithy/eventstream-serde-universal@3.0.4 as possible malware because it decodes hardcoded base64 strings. As a result, the default phylum.io policy marks it as a policy violation.
phylum.io says:
"This package contains code that decodes hardcoded Base64 strings. Malicious actors frequently employ such encoding methods to mask malicious payloads or actions, leveraging this basic form of obfuscation to evade detection. It's crucial to approach such code with caution."
It identifies package/dist-es/fixtures/event.fixture.js as an offending file.