-= Per source details. Do not edit below this line.=-
React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token compromise.
The malicious code connects to a command and control server and allows remote access, including arbitrary command execution.
{
"malicious-packages-origins": [
{
"sha256": "644f61b8458cb784e3846c22afa7f1f28f824b2b452b7bed6739223ceb0b9513",
"import_time": "2025-06-10T06:38:15.216838Z",
"modified_time": "2025-06-10T06:36:28Z",
"source": "google-open-source-security",
"versions": [
"0.2.5"
]
}
]
}