5 matches found
node-tkinter is malware
The node-tkinter package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...
mongose is malware
The mongose package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern...
GHSA-QJ73-V688-WQXF Hijacked Environment Variables in proxy.js
The proxy.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concer...
Shadowsock is malware
The shadowsock package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...
GHSA-6FJR-M7V6-FPG9 jquey is malware
The jquey package is malware that attempts to discover and exfiltrate sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found jquey installed in your...