GMS-2020-506: Malicious Package
(updated )
This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server. Remove the package from your environment. There are no indications of further compromise.
References
Detect and mitigate GMS-2020-506 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →