Malicious code in cofee-script (npm)

The package cofee-script was found to contain malicious code...

MAL-2025-17261 Malicious code in cofee-script (npm)

The package cofee-script was found to contain malicious code...

GHSA-C9RJ-PGXV-84JC cofee-script is malware

The cofee-script package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found cofee-script installed in your...

cofee-script is malware

The cofee-script package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found cofee-script installed in your...

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Malicious Typo-Squatting

cofee-script is a maliciously typo-squatting package. During the installation of these packages, the user's private SSH key and bash history are set to a third party server...