GMS-2020-412: Malicious Package
(updated )
nothing-js
contained a malicious script that attempted to delete all files when npm test
was run. This module has been unpublished from the npm Registry. If you find this module in your environment remove it.
References
Detect and mitigate GMS-2020-412 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →