npm

promo-helper @1.0.14

Vulnerability report · Last retrieved from osv.dev July 8, 2026 at 10:24 PM UTC

Malicious

OSV ID

MAL-2026-6985

Ecosystem

npm

Summary

No concrete evidence of installer-side harm was identified for this package version. There are no indicators of credential theft, environment scraping, install-time remote code execution, hardcoded attacker-controlled C2 endpoints, silent-relay behavior, or namespace-abuse drop chains in the package's lifecycle scripts or import-time code paths.

Source: amazon-inspector (f1a88c879a569b51180b134bd442917610efba2cfc54aa980cb3ec3b4731e84c)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.