GMS-2020-340: Malicious Package

September 1, 2020 (updated October 1, 2021)

ladder-text-js contained a malicious script that attempted to delete all files when npm test was run. This module has been unpublished from the npm Registry. If you find this module in your environment remove it.

References

github.com/advisories/GHSA-33gc-f8v9-v8hm
www.npmjs.com/advisories/651

Detect and mitigate GMS-2020-340 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →