Logo
npm

env-expanded @2.5.5

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID

MAL-2026-2360

Ecosystem

npm

Summary

The package env-expanded was found to contain malicious code.

Source: amazon-inspector (d3b59507cce21e48b0df323a7a5cedf303427c72c2118fdc15702c813174cfa8)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.

SEE HACKTRON REVIEW → SCAN DEPENDENCIES