npm
## Source: google-open-source-security (faa879b0fa360852899250846599b4b81d442b942d5e4fec4101044400272af1)

The NPM package @lottiefiles/lottie-player had unauthorized new versions published that contained malicious code. The malicious code prompted users to connect crypto wallets.

Lottie animation and Telegram Sticker player web components.

| Metric | Value |
| --- | --- |
| Public repositories of contributors | 389 |
| Followers of contributors | 507 |
| Repository forks | 179 |
| Open issues | 54 |
| Repository watchers | 33 |
| Number of contributors | 20 |
| Repository stars | 1,560 |

Package has a provenance record signed with Sigstore, confirming its source of origin.
Typosquatting is the risk of installing a malicious package that uses a name similar to a legitimate one.
Starjacking can mislead users into trusting a package, hiding malicious code behind inflated popularity.