Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/add-shopify-header@0.0.0

Type npm

Namespace

Name add-shopify-header

Version 0.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-221e-c9yb-b3h7

vulnerability_id VCID-221e-c9yb-b3h7

summary

Malicious code in add-shopify-header (npm)
This malicious package was published during the PhantomRaven NPM campaign. The malicious payload steals tokens and credentials.

references

reference_url	https://github.com/advisories/MAL-2025-48973
reference_id
reference_type
scores
url	https://github.com/advisories/MAL-2025-48973

reference_url	https://www.koi.ai/blog/phantomraven-npm-malware-hidden-in-invisible-dependencies
reference_id
reference_type
scores
url	https://www.koi.ai/blog/phantomraven-npm-malware-hidden-in-invisible-dependencies

reference_url	https://github.com/advisories/GHSA-3qwx-3r5m-q73x
reference_id	GHSA-3qwx-3r5m-q73x
reference_type
scores
url	https://github.com/advisories/GHSA-3qwx-3r5m-q73x

fixed_packages

aliases GHSA-3qwx-3r5m-q73x, MAL-2025-48973

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-221e-c9yb-b3h7

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/add-shopify-header@0.0.0

Package Instance