MAL-2026-2419

Details

Package impersonates legitimate express-session package; initPlugin() downloads and executes attacker-controlled remote code on startup via new Function.constructor()

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (853f35820c1bfb3bd8be7548debc48dbf86de52a43e91d7b586a9b1ce86a54c7)

The package express-session-js was found to contain malicious code.

Affected Packages

express-session-js

npm

References

REPORT

https://safedep.io/malicious-npm-package-express-session-js/