Incident detail

criticalnpm·typosquatting·osv

Malicious code in peertube-plugin-google-analytics-js (npm)

peertube-plugin-google-analytics-js

Published May 22, 2026, 06:46 PM

Risk score

AI summary

Indexed incident for peertube-plugin-google-analytics-js (npm).

Description

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (3c66b6ebad55556f956fbc181293327eb4051d2ec6de6436a24d027fac58e580)

This PeerTube plugin advertises itself as a Google Analytics integration but its client-side script (client/common-client-plugin.js:8) registers a 'common' scope clientScript that injects a remote

Technical details

Affected versions

<function fixed() { [native code] }

Indicators

aliasGHSA-4r2m-9mxx-rf7q90%
affected_version<function fixed() { [native code] }75%

Timeline

May 22, 06:46 PMAdvisory published
Jun 2, 06:41 AMIndexed by ThreatPkg

Related incidents

Malicious code in parsimonius (PyPI)parsimonius92
Malware in peertube-plugin-google-analytics-jspeertube-plugin-google-analytics-js92
Malicious code in cdktn-provider-datadog (PyPI)cdktn-provider-datadog92
Malicious code in cdktn-provider-newrelic (PyPI)cdktn-provider-newrelic92
Malicious code in ggk-happy (npm)ggk-happy92