NestJS Core
npm@nestjs/coreNestJS Core is the foundational module of the NestJS framework, a TypeScript-first Node.js framework modeled on Angular's dependency injection and module architecture. It provides the application bootstrap, module system, and middleware pipeline. It is used in enterprise Node.js microservices and API backends.
Checking NestJS Core
@nestjs/core 10.4.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.
curl "https://api.attestd.io/v1/check?product=%40nestjs%2Fcore&version=10.4.0" \
-H "Authorization: Bearer YOUR_API_KEY"{
"product": "@nestjs/core",
"version": "10.4.0",
"supported": true,
"risk_state": "none",
"supply_chain": {
"compromised": false,
"sources": [],
"malware_type": null,
"description": null,
"advisory_url": null,
"compromised_at": null,
"removed_at": null
},
"last_updated": "2026-05-01T00:00:00Z"
}Why this package is monitored
Dependency injection framework cores resolve and instantiate every service in the application, including services that hold database connections, API clients, and authentication handlers. A compromised DI core can intercept provider resolution to read injected credentials.
Attestd monitors @nestjs/core using the following detection sources:
registryManually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.
osvOSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.
npm_deprecationnpm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.