Trojan downloader???!!!!
Jukez17 opened this issue · 14 comments
You can download the package from NPM and inspect it if you want. I'd be curious to know what you will find.
Does that shows you a path to that file? It could be something else .. called slugify.js
. You can also check out the security report about it.
Well unfortunately I can't help you. Probably your machine got compromised or something like that. You can download the package as tarball from NPM and inspect it if you want.
Just linking this other ticket #133, not sure what happened in that case.
I wonder if this might be a genuine false positive in F-Secure or whatever. Like, whatever heuristic they're using is being triggered by RTL characters and whatnot in slugify.
I can't even create a new project now that this crashes whole thing on gatsby
I can't even create a new project now that this crashes whole thing on gatsby
You probably need to take this up with your anti-malware vendor (F-Secure?), but one thing you can try is installing a different version of slugify
. You can also try using slug
. It is largely (although not entirely) the same API so it is often a drop-in replacement.
I think that slugify comes with some module would installing different slug module work? even when i installed basic boiler plate template there was the same thing happening
@Trott
I have the same issue on a machine.
The problem is that some don't have access to antivirus settings (especially at work) so this kind of breaks any project erlying on slugify.
Perhaps this should be uploaded as a false positive at F-secure to make it stop thinking it's malware? The module author should try this and see what the F-secure people say.
In the meantime this is clearly bothersome.
The module author should try this and see what the F-secure people say.
My opinion only, but I would think the customer who wants to use the software would do this rather than the module author who is a volunteer and is giving away the software and support time for it at no charge.
@AxelTerizaki @Trott I made sample to fsecure and it was false positive and they updated their database.
Thanks for the info. That means my F-secure isn't using the latest update for some reason.