easy-dep-graph 1.2.1 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/bin/index.js +196 -0
  2. package/package.json +1 -1
package/bin/index.js CHANGED
@@ -1309,6 +1309,202 @@ const knownMaliciousPackages = [
1309
1309
  severity: 'critical',
1310
1310
  description: 'Compromised (May 2026). Part of "Mini Shai-Hulud is back" worm.',
1311
1311
  },
1312
+ // === Red Hat npm packages compromise (June 1, 2026) - Miasma variant ===
1313
+ // 32 packages compromised via GitHub Actions OIDC trusted publishing bypass
1314
+ // Malware steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys, Kubernetes tokens
1315
+ // 116,991 weekly downloads affected
1316
+ {
1317
+ name: '@redhat-cloud-services/chrome',
1318
+ badVersions: ['2.3.1', '2.3.2'],
1319
+ severity: 'critical',
1320
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1321
+ },
1322
+ {
1323
+ name: '@redhat-cloud-services/compliance-client',
1324
+ badVersions: ['4.0.3', '4.0.4'],
1325
+ severity: 'critical',
1326
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1327
+ },
1328
+ {
1329
+ name: '@redhat-cloud-services/config-manager-client',
1330
+ badVersions: ['5.0.4', '5.0.5'],
1331
+ severity: 'critical',
1332
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1333
+ },
1334
+ {
1335
+ name: '@redhat-cloud-services/entitlements-client',
1336
+ badVersions: ['4.0.11', '4.0.12'],
1337
+ severity: 'critical',
1338
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1339
+ },
1340
+ {
1341
+ name: '@redhat-cloud-services/eslint-config-redhat-cloud-services',
1342
+ badVersions: ['3.2.1', '3.2.2'],
1343
+ severity: 'critical',
1344
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1345
+ },
1346
+ {
1347
+ name: '@redhat-cloud-services/frontend-components',
1348
+ badVersions: ['7.7.2', '7.7.3'],
1349
+ severity: 'critical',
1350
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1351
+ },
1352
+ {
1353
+ name: '@redhat-cloud-services/frontend-components-advisor-components',
1354
+ badVersions: ['3.8.2'],
1355
+ severity: 'critical',
1356
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1357
+ },
1358
+ {
1359
+ name: '@redhat-cloud-services/frontend-components-config',
1360
+ badVersions: ['6.11.3', '6.11.4'],
1361
+ severity: 'critical',
1362
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1363
+ },
1364
+ {
1365
+ name: '@redhat-cloud-services/frontend-components-config-utilities',
1366
+ badVersions: ['4.11.2', '4.11.3'],
1367
+ severity: 'critical',
1368
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1369
+ },
1370
+ {
1371
+ name: '@redhat-cloud-services/frontend-components-notifications',
1372
+ badVersions: ['6.9.2', '6.9.3'],
1373
+ severity: 'critical',
1374
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1375
+ },
1376
+ {
1377
+ name: '@redhat-cloud-services/frontend-components-remediations',
1378
+ badVersions: ['4.9.2', '4.9.3'],
1379
+ severity: 'critical',
1380
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1381
+ },
1382
+ {
1383
+ name: '@redhat-cloud-services/frontend-components-testing',
1384
+ badVersions: ['1.2.1', '1.2.2'],
1385
+ severity: 'critical',
1386
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1387
+ },
1388
+ {
1389
+ name: '@redhat-cloud-services/frontend-components-translations',
1390
+ badVersions: ['4.4.1', '4.4.2'],
1391
+ severity: 'critical',
1392
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1393
+ },
1394
+ {
1395
+ name: '@redhat-cloud-services/frontend-components-utilities',
1396
+ badVersions: ['7.4.1', '7.4.2'],
1397
+ severity: 'critical',
1398
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1399
+ },
1400
+ {
1401
+ name: '@redhat-cloud-services/hcc-feo-mcp',
1402
+ badVersions: ['0.3.1', '0.3.2'],
1403
+ severity: 'critical',
1404
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1405
+ },
1406
+ {
1407
+ name: '@redhat-cloud-services/hcc-kessel-mcp',
1408
+ badVersions: ['0.3.1', '0.3.2'],
1409
+ severity: 'critical',
1410
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1411
+ },
1412
+ {
1413
+ name: '@redhat-cloud-services/hcc-pf-mcp',
1414
+ badVersions: ['0.6.1', '0.6.2'],
1415
+ severity: 'critical',
1416
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1417
+ },
1418
+ {
1419
+ name: '@redhat-cloud-services/host-inventory-client',
1420
+ badVersions: ['5.0.3', '5.0.4'],
1421
+ severity: 'critical',
1422
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1423
+ },
1424
+ {
1425
+ name: '@redhat-cloud-services/insights-client',
1426
+ badVersions: ['4.0.4', '4.0.5'],
1427
+ severity: 'critical',
1428
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1429
+ },
1430
+ {
1431
+ name: '@redhat-cloud-services/integrations-client',
1432
+ badVersions: ['6.0.4', '6.0.5'],
1433
+ severity: 'critical',
1434
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1435
+ },
1436
+ {
1437
+ name: '@redhat-cloud-services/javascript-clients-shared',
1438
+ badVersions: ['2.0.8', '2.0.9'],
1439
+ severity: 'critical',
1440
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1441
+ },
1442
+ {
1443
+ name: '@redhat-cloud-services/notifications-client',
1444
+ badVersions: ['6.1.4', '6.1.5'],
1445
+ severity: 'critical',
1446
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1447
+ },
1448
+ {
1449
+ name: '@redhat-cloud-services/patch-client',
1450
+ badVersions: ['4.0.4', '4.0.5'],
1451
+ severity: 'critical',
1452
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1453
+ },
1454
+ {
1455
+ name: '@redhat-cloud-services/quickstarts-client',
1456
+ badVersions: ['4.0.11', '4.0.12'],
1457
+ severity: 'critical',
1458
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1459
+ },
1460
+ {
1461
+ name: '@redhat-cloud-services/rbac-client',
1462
+ badVersions: ['9.0.3', '9.0.4'],
1463
+ severity: 'critical',
1464
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1465
+ },
1466
+ {
1467
+ name: '@redhat-cloud-services/remediations-client',
1468
+ badVersions: ['4.0.4', '4.0.5'],
1469
+ severity: 'critical',
1470
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1471
+ },
1472
+ {
1473
+ name: '@redhat-cloud-services/rule-components',
1474
+ badVersions: ['4.7.2', '4.7.3'],
1475
+ severity: 'critical',
1476
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1477
+ },
1478
+ {
1479
+ name: '@redhat-cloud-services/sources-client',
1480
+ badVersions: ['3.0.10', '3.0.11'],
1481
+ severity: 'critical',
1482
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1483
+ },
1484
+ {
1485
+ name: '@redhat-cloud-services/topological-inventory-client',
1486
+ badVersions: ['3.0.10', '3.0.11'],
1487
+ severity: 'critical',
1488
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1489
+ },
1490
+ {
1491
+ name: '@redhat-cloud-services/tsc-transform-imports',
1492
+ badVersions: ['1.2.2'],
1493
+ severity: 'critical',
1494
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1495
+ },
1496
+ {
1497
+ name: '@redhat-cloud-services/types',
1498
+ badVersions: ['3.6.1', '3.6.2', '3.6.4'],
1499
+ severity: 'critical',
1500
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1501
+ },
1502
+ {
1503
+ name: '@redhat-cloud-services/vulnerabilities-client',
1504
+ badVersions: ['2.1.8', '2.1.9'],
1505
+ severity: 'critical',
1506
+ description: 'Compromised (Jun 1, 2026). Miasma variant stealing credentials. GitHub Actions OIDC bypass. Steals AWS/GCP/Azure credentials, GitHub tokens, npm tokens, SSH keys.',
1507
+ },
1312
1508
  ];
1313
1509
  void (async function main() {
1314
1510
  // Check if peer dependencies mode
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "easy-dep-graph",
3
- "version": "1.2.1",
3
+ "version": "1.2.2",
4
4
  "description": "Easily see the dependency graph of your npm project",
5
5
  "homepage": "https://github.com/danisss9/easy-dep-graph#readme",
6
6
  "repository": {