progerss-cli @3.12.0
Vulnerability report · Last retrieved from osv.dev July 9, 2026 at 1:25 AM UTC
OSV ID
MAL-2026-5343
Ecosystem
npm
Summary
Package name 'progerss-cli' resembles the common spelling 'progress-cli' via a two-character transposition, which is a typical typosquat shape. No exfiltration, dropper, credential access, or other installer-harm behavior was observed in the scanned files, and no lifecycle scripts were identified. Without a confirmed payload, name similarity alone is not sufficient to block, but the naming pattern warrants human review to assess intent and impact on installers who mistype a target package name.
Source: amazon-inspector (ea4c1c3b9761cfe244327e4937c18585ef6fc901df383b24c3f0e148c195e8f7)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.