-= Per source details. Do not edit below this line.=-
React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token compromise.
The malicious code connects to a command and control server and allows remote access, including arbitrary command execution.
{ "malicious-packages-origins": [ { "versions": [ "0.2.10" ], "modified_time": "2025-06-10T06:36:28Z", "source": "google-open-source-security", "sha256": "f417c0ca8632369f18fa208f418b61b3150122f048ba95cbf4b0ab78dc4f20c2", "import_time": "2025-06-10T06:38:15.181948Z" } ] }