[SECURITY]: Malicious npm releases detected across `@redhat-cloud-services/` scope
Pangram verdict · v3.3
We believe that this document is fully human-written
AI likelihood · overall
HumanArticle text · 70 words · 2 segments analyzed
Ref:
https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised https://app.stepsecurity.io/oss-security-feed?q=@redhat-cloud-services
Affected Packages
Package Compromised Version
@redhat-cloud-services/chrome 2.3.1
@redhat-cloud-services/compliance-client 4.0.3
@redhat-cloud-services/config-manager-client 5.0.4
@redhat-cloud-services/entitlements-client 4.0.11
@redhat-cloud-services/eslint-config-redhat-cloud-services 3.2.1
@redhat-cloud-services/frontend-components 7.7.2
@redhat-cloud-services/frontend-components-advisor-components 3.8.2
@redhat-cloud-services/frontend-components-config 6.11.3
@redhat-cloud-services/frontend-components-config-utilities 4.11.2
@redhat-cloud-services/frontend-components-notifications 6.9.2
@redhat-cloud-services/frontend-components-remediations 4.9.2
@redhat-cloud-services/frontend-components-testing 1.2.1
@redhat-cloud-services/frontend-components-translations 4.4.1
@redhat-cloud-services/frontend-components-utilities 7.4.1
@redhat-cloud-services/hcc-feo-mcp 0.3.1
@redhat-cloud-services/hcc-kessel-mcp 0.3.1
@redhat-cloud-services/hcc-pf-mcp 0.6.1
@redhat-cloud-services/host-inventory-client 5.0.3
@redhat-cloud-services/insights-client 4.0.4
@redhat-cloud-services/integrations-client 6.0.4
@redhat-cloud-services/javascript-clients-shared 2.0.8
@redhat-cloud-services/notifications-client 6.1.4
@redhat-cloud-services/patch-client 4.0.4
@redhat-cloud-services/quickstarts-client 4.0.11
@redhat-cloud-services/rbac-client 9.0.3
@redhat-cloud-services/remediations-client 4.0.4
@redhat-cloud-services/rule-components 4.7.2
@redhat-cloud-services/sources-client 3.0.10
@redhat-cloud-services/topological-inventory-client 3.0.10
@redhat-cloud-services/tsc-transform-imports 1.2.2
@redhat-cloud-services/types 3.6.1