bastion-scan 0.2.0 → 0.2.1
- package/dist/index.js +63 -14
- package/package.json +1 -1
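--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -2366,20 +2366,69 @@ import { satisfies } from "semver";
 
 // src/data/compromised-packages.ts
 var COMPROMISED_PACKAGES = [
-//
-
-
-
-
-
-
-
-
-//
-
-
-
-
+// 1. event-stream -- cryptocurrency wallet theft (2018)
+{
+name: "event-stream",
+versionRange: "=3.3.6",
+advisoryId: "GHSA-mh6f-8j2x-4483",
+source: "manual",
+dateAdded: "2026-05-23",
+description: "Backdoor injected via flatmap-stream dependency targeting Copay bitcoin wallet private keys."
+},
+// 2. ua-parser-js -- account takeover, cryptominer (2021)
+{
+name: "ua-parser-js",
+versionRange: "=0.7.29 || =0.8.0 || =1.0.0",
+advisoryId: "GHSA-pjwm-rvh2-c87w",
+source: "manual",
+dateAdded: "2026-05-23",
+description: "npm account compromised; three versions published with cryptominer and password stealer."
+},
+// 3. coa -- credential harvesting (2021)
+{
+name: "coa",
+versionRange: "=2.0.3 || =2.0.4 || =2.1.1 || =2.1.3 || =3.0.1 || =3.1.3",
+advisoryId: "GHSA-73qr-pfmq-6rp8",
+source: "manual",
+dateAdded: "2026-05-23",
+description: "npm account compromised; six malicious versions published with credential-harvesting payload."
+},
+// 4. rc -- credential harvesting (2021, same campaign as coa)
+{
+name: "rc",
+versionRange: "=1.2.9 || =1.3.9 || =2.3.9",
+advisoryId: "GHSA-g2q5-5433-rhrf",
+source: "manual",
+dateAdded: "2026-05-23",
+description: "npm account compromised in the same campaign as coa; three malicious versions with credential-harvesting payload."
+},
+// 5. node-ipc -- destructive protestware (2022)
+{
+name: "node-ipc",
+versionRange: ">=10.1.1 <10.1.3",
+advisoryId: "GHSA-97m3-w2cp-4xx6",
+source: "manual",
+dateAdded: "2026-05-23",
+description: "Maintainer added code to overwrite files with heart emojis on systems with Russian or Belarusian IP addresses."
+},
+// 6. node-ipc -- hidden functionality (2022, same maintainer)
+{
+name: "node-ipc",
+versionRange: "=9.2.2",
+advisoryId: "GHSA-8gr3-2gjw-jj7g",
+source: "manual",
+dateAdded: "2026-05-23",
+description: "Hidden functionality added by maintainer in a separate version line from the destructive 10.1.x protestware."
+},
+// 7. faker -- sabotaged by maintainer (2022)
+{
+name: "faker",
+versionRange: "=6.6.6",
+advisoryId: "GHSA-5w9c-rv96-fr7g",
+source: "manual",
+dateAdded: "2026-05-23",
+description: "Maintainer replaced all functional code with empty exports as a protest. Still live on npm as latest. Use @faker-js/faker instead."
+}
 ];
 
 // src/checks/supply-chain/compromised-deps.ts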
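Review bot: Two records in the new COMPROMISED_PACKAGES array share `name: "node-ipc"` (the `>=10.1.1 <10.1.3` entry and the `=9.2.2` entry), so a consumer that resolves an installed package with a single find-by-name lookup would never reach the second record and node-ipc 9.2.2 would pass the check; the consumer in src/checks/supply-chain/compromised-deps.ts starts just after this hunk and is not visible here, so this is inferred rather than confirmed. If that is the lookup shape, it should collect every record for the name and test each `versionRange` with `satisfies` before reporting. The array also carries no comment stating the record schema or that `versionRange` is a node-semver range string; in the source file src/data/compromised-packages.ts (this hunk is bundled dist output) I would add above the declaration `// Known-malicious npm releases; versionRange is a node-semver range, and a package may appear more than once, so match every record for a name.` The "Still live on npm as latest" text in the faker description is a time-dependent operational claim rather than advisory fact and will go stale inside a data record; consider limiting `description` to the advisory and carrying the remediation hint in a separate field.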