MAL-2025-17263 Malicious code in coffe-script (npm)

The package coffe-script was found to contain malicious code...

Malicious code in coffe-script (npm)

The package coffe-script was found to contain malicious code...

swagger-koa88 (>=1.0.2 <=1.0.5-0), windows10-electron-vibrancy (>=1.0.0 <=1.0.1) +1 more potentially affected by unknown CVE via coffe-script (=0.0.1-security)

coffe-script NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on coffe-script and may be impacted: - swagger-koa88 =1.0.2, =1.0.0, =1.0.5, =1.1.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-17263...

coffe-script is malware

The coffe-script package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found coffe-script installed in your...

GHSA-J49G-MP79-5VM5 coffe-script is malware

The coffe-script package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found coffe-script installed in your...

CVE-2017-16203

The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

Information disclosure

The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

CVE-2017-16203

The CVE-2017-16203 entry concerns the coffe-script npm package, which (per multiple sources) exfiltrates sensitive data (e.g., private SSH keys and bash history) to attacker-controlled locations during installation. Affected behavior is the package’s malware-like activity; all versions have been ...