The coffescript
package is a piece of malware that steals sensitive data such as a user’s private SSH key and bash history, sending them to attacker controlled locations.
All versions have been unpublished from the npm registry.
If you have found coffescript
installed in your environment, you should:
Additionally, any service which may have been exposed via credentials in your bash history or accessible via your ssh keys, such as a database, should be reviewed for indicators of compromise as well.
CPE | Name | Operator | Version |
---|---|---|---|
coffescript | eq | 1.0.1 |