Supply-chain threat intelligence

Incident detail

criticalnpm·malware·osv

Malicious code in maplibre-gl-vue3 (npm)

maplibre-gl-vue3

Risk score

92

AI summary

Indexed incident for maplibre-gl-vue3 (npm).

Description

The package advertises itself as MapLibre GL bindings for Vue 3 and re-exports the upstream maplibre-gl API, but on import it unconditionally injects a

Technical details

Affected versions

=1.0.0=5.24.2=5.24.1>=0

Indicators

  • affected version=1.0.075%
  • affected version=5.24.275%
  • affected version=5.24.175%
  • affected version>=075%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents