This repository has been compromised with malware (PolinRider).
Direct link to affected code
What happened
A malicious actor gained access to this repository and injected malware into the codebase. The malware family has been identified as PolinRider, which is known to steal credentials, secrets, and environment variables from infected machines.
Who is affected
If you have run the latest version of this code, you should consider your machine and any tokens, secrets, or credentials present on it to be compromised. This includes but is not limited to:
- API keys and access tokens
- SSH keys
- Environment variables
- Cloud credentials (AWS, GCP, Azure, etc.)
- NPM, PyPI, or other registry tokens
Immediate actions to take
- Rotate all credentials that were present on any machine that ran the affected code
- Revoke and reissue any tokens, API keys, or secrets
- Audit access logs for any of your services for suspicious activity
- Scan your machine for further signs of compromise
This repository has been compromised with malware (PolinRider).
Direct link to affected code
What happened
A malicious actor gained access to this repository and injected malware into the codebase. The malware family has been identified as PolinRider, which is known to steal credentials, secrets, and environment variables from infected machines.
Who is affected
If you have run the latest version of this code, you should consider your machine and any tokens, secrets, or credentials present on it to be compromised. This includes but is not limited to:
Immediate actions to take