Incident detail

criticalnpm·typosquatting·osv

Malicious code in peertube-plugin-google-analytics-js (npm)

peertube-plugin-google-analytics-js

Published May 22, 2026, 06:46 PM

Risk score

AI summary

Indexed incident for peertube-plugin-google-analytics-js (npm).

Description

This PeerTube plugin advertises itself as a Google Analytics integration but its client-side script (client/common-client-plugin.js:8) registers a 'common' scope clientScript that injects a remote

Technical details

Indicators

Advisory IDs
90%
affected version<function fixed() { [native code] }75%

Timeline

May 22, 06:46 PMAdvisory published
Jun 2, 06:41 AMIndexed by ThreatPkg

Related incidents

Malicious code in parsimonius (PyPI)parsimonius92
Malware in peertube-plugin-google-analytics-jspeertube-plugin-google-analytics-js92
Malicious code in cdktn-provider-datadog (PyPI)cdktn-provider-datadog92
Malicious code in cdktn-provider-newrelic (PyPI)cdktn-provider-newrelic92
Malicious code in ggk-happy (npm)ggk-happy92