I work for AppDynamics (a Cisco, Inc business unit) and am the lead engineer for the product these packages are a part of. These packages are not malware, do not contain malware, and do not have any vulnerabilities listed by npm audit. I believe the malware reports against them are, at best, erroneous and, at worst, malicious.
Unfortunately the advisories linked above contain no specifics that we can address. What is the process for refuting these advisories and getting them removed?
And I would guess that your build system is using a private package registry for packages of the same name. If you do some searching, you'll find similar issues others have opened in this repo.
ex. #3487 #4697 #2492
tl;dr is that npm audit is confusing where packages come from. I opened an issue with npm some time back to try and get this addressed in default behavior for npm audit, but alas, no movement there.
See: npm/rfcs#739
So, you can reach out to npm support about these advisories, but the packages on npmjs.com were almost certainly malware and having advisories about them is beneficial for anyone who may have downloaded those packages. Sorry, I can't give you a more satisfying answer, but I hope that helps at least 😃
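The reply above attributes the reports to same-named packages living on both a private registry and npmjs.com. As an added example (not code from this thread, npm, or the advisory database), the script below reads a package-lock.json (lockfile v2/v3 layout) and lists the advised package names that were actually installed from somewhere other than the public registry. The sample lockfile, the package names and the host npm.internal.example are constructed for illustration.

```javascript
// Added example: find advisories that match a dependency by name only.
const PUBLIC_REGISTRY_HOST = 'registry.npmjs.org';

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromLockPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Lockfile entries whose "resolved" URL is not on the public registry.
function findNonPublicPackages(lock) {
  const findings = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace links and entries with no URL.
    if (lockPath === '' || meta.link || !meta.resolved) continue;
    let host;
    try {
      host = new URL(meta.resolved).host;
    } catch {
      host = '(unparseable)';
    }
    if (host !== PUBLIC_REGISTRY_HOST) {
      const name = meta.name || nameFromLockPath(lockPath);
      findings.push({ name, version: meta.version, host });
    }
  }
  return findings;
}

// Advised names that this project installed from a non-public source:
// the advisory describes the npmjs.com package, not the installed one.
function advisoriesToRecheck(lock, advisedNames) {
  const advised = new Set(advisedNames);
  return findNonPublicPackages(lock).filter((p) => advised.has(p.name));
}

// Constructed sample data (hypothetical names and hosts).
const base = 'https://npm.internal.example';
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/left-pad': { version: '1.3.0',
    resolved: 'https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz' },
  'node_modules/internal-agent': { version: '4.2.0',
    resolved: `${base}/internal-agent/-/internal-agent-4.2.0.tgz` },
  'node_modules/internal-agent/node_modules/@acme/native-helper': {
    version: '1.0.1', resolved: `${base}/@acme/native-helper/-/native-helper-1.0.1.tgz` },
} };
console.log(advisoriesToRecheck(sampleLock, ['internal-agent', 'left-pad']));
```

A hit means the installed tarball came from the private source, so the advisory applies to anyone who pulled that name from npmjs.com rather than to this build.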
There are three malware reports against packages published by AppDynamics: