The package communicates with a domain associated with malicious activity.
-= Per source details. Do not edit below this line.=-
The OpenSSF Package Analysis project identified 'google-webfonts-helper' @ 10.0.0 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
{
"malicious-packages-origins": [
{
"sha256": "50d802a4efa3139f3908c23a67ec72cc2989d4abba438778fef7501c86765b75",
"versions": [
"9.9.9"
],
"import_time": "2025-08-06T20:07:10.925514503Z",
"modified_time": "2025-08-06T20:00:53Z",
"source": "ossf-package-analysis"
},
{
"sha256": "ba7d8c4c4151033fdccecb7ed439075f6c8eb39490462dd7b25aac68d2a22482",
"versions": [
"10.0.0"
],
"import_time": "2025-08-08T18:07:33.644681742Z",
"modified_time": "2025-08-08T18:00:54Z",
"source": "ossf-package-analysis"
}
]
}