-= Per source details. Do not edit below this line.=-
React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token compromise.
The malicious code connects to a command and control server and allows remote access, including arbitrary command execution.
{
"malicious-packages-origins": [
{
"versions": [
"0.1.16",
"0.1.17"
],
"sha256": "17982e09dcf1a69caf714afad49b310371d80fe7260bf21fcad08da2a07df00c",
"modified_time": "2025-06-10T06:36:28Z",
"source": "google-open-source-security",
"import_time": "2025-06-10T06:38:15.27525Z"
}
]
}