GHSA-298w-vvm4-ww55 lists the @opensearch-project/opensearch library as affected, rather than the malicious typo-squatted libraries.
The advisory should focus on the typo-squatted versions, as it doesn't appear from the blog that there was actually a compromise of the @opensearch-project npm repo or setup.
There should be an advisory for the libraries:
@vpmdhaj/elastic-helper
@vpmdhaj/devops-tools
@vpmdhaj/opensearch-setup
@vpmdhaj/search-setup~
And the >0 should be removed as that's misleading.