Malicious code in @cap-js/openapi (npm)

---

__

Source: amazon-inspector (243c059793e8b277fc77959046b7b064cb740d568fa53e4d30b9075660d9dab5)

The package @cap-js/openapi was found to contain malicious code.

Source: google-open-source-security (847ef6b381d410bf176f7414a6f0fbbcf46a5f39b6d9011e126b279bd2d781df)

This package was compromised as part of the ongoing "Mini Shai-Hulud is back" worm by the TeamPCP threat actor.

The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.