npm

typescript-base58 @1.0.0

Vulnerability report · Last retrieved from osv.dev July 9, 2026 at 1:25 AM UTC

Malicious

OSV ID

MAL-2026-6925

Ecosystem

npm

Summary

typescript-base58@1.0.0 is a one-line re-export of the 'base58-core' package. The README advertises 'Zero dependencies' while package.json declares a runtime dependency on base58-core (^1.0.0), so installing this package silently introduces base58-core into the installer's dependency tree under a misleading description. The shim itself performs no install-time or import-time actions beyond the re-export; it contains no lifecycle scripts, no network calls, no credential reads, and no obfuscation. The installer-side risk is entirely contingent on the contents of base58-core, which is not analyzed in this record.

Source: amazon-inspector (b860a9c4960f55c236ca5e14781f5dcfb60752d4367cb9aeb30762d3b023004e)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.