CRITICALAdvisoryJul 05, 2026
Action required
Immediately audit npm package.lock files and node_modules for 'rollup-packages-polyfill-core' and 'rollup-runtime-polyfill-core'. Remove these packages, rotate all developer credentials and API tokens, and scan affected machines for data exfiltration and persistence mechanisms.
Affected products
JFrognpm@nut-tree-fork/nut-js