
Removal of Malware in @wdp-gov/lineage-component

Open divyesh-0x01 opened this issue 3 months ago • 1 comments

Hi Team,

Just noticed the malware warning in package @wdp-gov/lineage-component was raised.

The package was published as part of testing of a Dependency Confusion vulnerability in our private repo. After testing, we had removed the package the other day; however, it seems the package was picked up by a scanner and raised the malware issue.

Can you help to remove this advisory? At present also, this package doesn't exist on npm.

Thanks

divyesh-0x01, Oct 05 '25 05:10

The same goes for the package @wdp-gov/catalog-serialization-engine.

Here are the advisories that should be removed or archived.

  • https://github.com/advisories/GHSA-vmh3-vg2w-7g4f
  • https://github.com/advisories/GHSA-4c99-fq4v-p5fc

divyesh-0x01, Oct 05 '25 05:10

👋 Both packages have been replaced with a security holding package and malware advisory, following npm's malware handling guidelines. If you believe that this package was removed in error, please contact npm support at https://www.npmjs.com/support to initiate a namespace claim and share your findings with them for review.

  • https://www.npmjs.com/package/@wdp-gov/lineage-component
  • https://www.npmjs.com/package/@wdp-gov/catalog-serialization-engine

taladrane, Dec 22 '25 18:12