Exfiltrates data on installation

2017-10-06T06:55:27
ID NODEJS:540
Type nodejs
Reporter Aurélio A. Heckert
Modified 2017-10-06T06:55:27

Description

Overview

The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.

Remediation

Do not install this module. It has been unpublished from the registry but may exist in some caches. If you may have accidentally installed this package you should cycle your SSH key and review your bash history for any sensitive data that may have been leaked.