Is there a way to get more info on GitHub Advisory Database change

[USMALQ]

There was a change to lessc-rhino and it is now listed as "Malware in lessc-rhino" with no context on what/where the malicious code was located. Is there a way to see what specifically was flagged as malicious?

"Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it."

GHSA-rw3m-xvr5-2gfx

[Menula-De-Silva]

When a package like lessc-rhino is flagged as malicious and assigned a security advisory (like GHSA-rw3m-xvr5-2gfx), the specific details about what makes the package malicious are often documented in the advisory or its references. Here's how you can investigate further:

Steps to Investigate
Check the GitHub Security Advisory
Visit the advisory page directly on GitHub or any linked source. Search for GHSA-rw3m-xvr5-2gfx in GitHub’s security advisories database. It may provide details about the malicious behavior, such as:

Type of malicious activity (e.g., data exfiltration, credential harvesting).
Specific files or code injected into the package.
Examine the Package Contents
If you still have access to a copy of the flagged version:

Extract the package and inspect its contents.
Look for unusual files or scripts, such as:
Obfuscated code.
Unexpected dependencies or postinstall scripts in the package.json.
Hardcoded URLs or secrets.
⚠️ Caution: Do this in a secure, isolated environment to avoid potential system compromise.

Compare with a Known Safe Version
If the package had legitimate versions prior to being compromised, compare the malicious version with a safe one:

Use a diff tool to identify unexpected changes.
Check Issue Trackers or Forums
Communities like npm’s security page or security-focused forums may have detailed discussions on what specifically was flagged.

Search Public Threat Reports
The malicious activity could have been analyzed by security researchers. Perform a web search for terms like:

"lessc-rhino malware analysis."
"GHSA-rw3m-xvr5-2gfx details."
Reach Out to Security Experts
If no clear information is available, consider asking security communities like Stack Exchange's Information Security or reporting your findings to a security professional.

Remediation Recommendations
System Containment: Assume the worst as the advisory suggests. If the package was installed or run, consider reimaging affected machines.
Credential Rotation: Immediately rotate all credentials, secrets, and keys stored or used on compromised systems.
Monitor for Unusual Activity: Monitor network traffic and logs for unauthorized access or suspicious activity linked to the package.

[Menula-De-Silva]

do not forget to follow me