Reothor.Lab.EvilPackage

latest

removed

malicious

Research

Demonstrates a supply chain attack using dependency confusion. Do not install this package in any production projects.

License: Permissive (Apache-2.0)

Published:

See on NuGet

SAFE Assessment

Compliance

Licenses

No license compliance issues

Secrets

No sensitive information found

Security

Vulnerabilities

No known vulnerabilities detected

Hardening

No application hardening issues

Threats

Tampering

1 components prone to hijacking

Malware

3 supply chain attack artifacts

IMPORTANT: All versions of this package have been malicious

Latest malware incident detected:

Version: 200.0.0

INCIDENTS:

malware

Reported By: ReversingLabs (Researcher)

Learn more about malware detection

removal

Reported By: Community

Historical list of all known contributors that worked on this software package.

Role

Username

author

Frode Hus

Did you know...

... that you can use ReversingLabs’ Spectra Assure platform to perform regular risk assessments of packages you develop in-house?

We recommend continuous software safeness monitoring through CI/CD integrations and pre-release/deployment checks. In addition to basic package information found on this page our platform offers rich reports for developers and DevSecOps that help them remediate all reported issues.