Spectra Assure
Community
failIncident: Malware
Scanned: 8 days ago

got-fetch

latest
removed
malicious
A fetch-compatible interface to the got HTTP client
License: Permissive (MIT)
Published: 6 months ago
Visit GitHub
See on npm

SAFE Assessment

Compliance

Licenses
No license compliance issues
Secrets
No sensitive information found

Security

Vulnerabilities
2 severe vulnerabilities exploited
Hardening
2 low priority mitigations absent

Threats

Tampering
1 malware-like behaviors found
Malware
3 supply chain attack artifacts

INCIDENTS FOR THIS VERSION:

malware
6 months agoReported By: Community (Bleeping Computer)
More info
malware
6 months agoReported By: ReversingLabs (Researcher)
Learn more about malware detection
malware
6 months agoReported By: Community (OpenSSF)
More info
malware
6 months agoReported By: Community (Checkmarx)
More info
malware
6 months agoReported By: Community (Socket)
More info
removal
N/AReported By: Community
List of software behaviors discovered with static code analysis.
Info
Count
Category

Prevalence in npm community

Behavior uncommon for this community (Uncommon)
0 packages
found in
Top 100
2 packages
found in
Top 1k
35 packages
found in
Top 10k
8.88k packages
in community

Prevalence in npm community

Behavior uncommon for this community (Uncommon)
0 packages
found in
Top 100
2 packages
found in
Top 1k
36 packages
found in
Top 10k
9.8k packages
in community

Prevalence in npm community

Behavior uncommon for this community (Uncommon)
0 packages
found in
Top 100
1 packages
found in
Top 1k
4 packages
found in
Top 10k
732 packages
in community

Prevalence in npm community

Behavior often found in this community (Common)
95 packages
found in
Top 100
726 packages
found in
Top 1k
7488 packages
found in
Top 10k
4.56M packages
in community

Prevalence in npm community

Behavior uncommon for this community (Uncommon)
0 packages
found in
Top 100
2 packages
found in
Top 1k
57 packages
found in
Top 10k
14.42k packages
in community

Prevalence in npm community

Behavior uncommon for this community (Uncommon)
0 packages
found in
Top 100
1 packages
found in
Top 1k
12 packages
found in
Top 10k
4.07k packages
in community

Prevalence in npm community

Behavior often found in this community (Common)
16 packages
found in
Top 100
84 packages
found in
Top 1k
1451 packages
found in
Top 10k
470.37k packages
in community

Prevalence in npm community

Behavior uncommon for this community (Uncommon)
0 packages
found in
Top 100
2 packages
found in
Top 1k
41 packages
found in
Top 10k
12.09k packages
in community

Prevalence in npm community

Behavior uncommon for this community (Uncommon)
0 packages
found in
Top 100
1 packages
found in
Top 1k
4 packages
found in
Top 10k
885 packages
in community

Prevalence in npm community

Behavior often found in this community (Common)
10 packages
found in
Top 100
35 packages
found in
Top 1k
714 packages
found in
Top 10k
196.38k packages
in community

Did you know...

... that you can use ReversingLabs’ Spectra Assure platform to perform regular risk assessments of packages you develop in-house?

We recommend continuous software safeness monitoring through CI/CD integrations and pre-release/deployment checks. In addition to basic package information found on this page our platform offers rich reports for developers and DevSecOps that help them remediate all reported issues.