SYNC STALE

Supply-chain threat intelligence

Incident detail

criticalnpm·malware·osv

Malicious code in consumerweb-authflow (npm)

consumerweb-authflow

Published Jun 7, 2026, 04:59 PM

Risk score

92

AI summary

Indexed incident for consumerweb-authflow (npm).

Description

The OpenSSF Package Analysis project identified 'consumerweb-authflow' @ 4.1.1 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.

Technical details

Indicators

affected version<function fixed() { [native code] }75%
affected version<function fixed() { [native code] }75%

Timeline

Jun 7, 04:59 PMAdvisory published
Jun 8, 06:41 AMIndexed by ThreatPkg

Related incidents