<p>Why does socket.dev report that the latest version of next.js has a malware dependency? <a href="https://socket.dev/npm/package/next/alerts/15.2.3?tab=dependencies" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">socket.dev/npm/package/next/al</span><span class="invisible">erts/15.2.3?tab=dependencies</span></a></p><p>“Malicious code in gen-mapping (npm) Any computer that has this package installed or running should be considered fully compromised.”</p><p>Update: looks like this is a pretty big flaw in the vulnerability scanner — not in next (check the replies for more info)</p> 