Spectra Assure
Community
Docs
failIncident: Malware
Scanned: 12 days ago

synckit

removed
malicious
Top 10k
Perform async work synchronously in Node.js using `worker_threads` with first-class TypeScript support.
License: Permissive (MIT)
Published: 4 months ago
Visit Github
See on npm

SAFE Assessment

Compliance

Licenses
No license compliance issues
Secrets
No sensitive information found

Security

Vulnerabilities
2 severe vulnerabilities exploited
Hardening
2 low priority mitigations absent

Threats

Tampering
1 malware-like behaviors found
Malware
3 supply chain attack artifacts

INCIDENTS FOR THIS VERSION:

malware
4 months agoReported By: Community (Socket)
More info
malware
4 months agoReported By: Community (Bleeping Computer)
More info
malware
4 months agoReported By: Community (OpenSSF)
More info
malware
4 months agoReported By: ReversingLabs (Researcher)
Learn more about malware detection
removal
Reported By: Community
List of known vulnerabilities affecting the software package and the components it embeds. Last refreshed on: 2025/11/05
All detected vulnerabilities are fixable
Run the update/upgrade command in your package manager to resolve the detected vulnerabilities
CVSS Score
CVE
Name
Tags
high
7.5
CVE-2025-54313
Exploits Exist
Fix Available
Exploited by Malware
high
7.5
CVE-2025-9086
Exploits Exist
Fix Available
medium
6.5
CVE-2025-4947
Exploits Exist
Fix Available
medium
5.3
CVE-2025-10148
Exploits Exist
Fix Available

Did you know...

... that you can use ReversingLabs’ Spectra Assure platform to perform regular risk assessments of packages you develop in-house?

We recommend continuous software safeness monitoring through CI/CD integrations and pre-release/deployment checks. In addition to basic package information found on this page our platform offers rich reports for developers and DevSecOps that help them remediate all reported issues.