cofee-script package is a piece of malware that steals sensitive data
such as a user's private SSH key and bash history, sending them to attacker
All versions have been unpublished from the npm registry.
If you have found
cofee-script installed in your environment, you should:
Additionally, any service which may have been exposed via credentials in your bash history or accessible via your ssh keys, such as a database, should be reviewed for indicators of compromise as well.