GHSA-GFV4-2VHM-486M node-fabric is malware

The node-fabric package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Malicious Typo-Squatting

node-fabric is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake them for the real one but have malicious actions under the hood such as stealing environment variables...

Code injection

node-fabric was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16052

node-fabric was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16052

The CVE-2017-16052 entry concerns the npm package node-fabric, identified in multiple security advisories as malware that steals environment variables. Affected component: the node-fabric package (typo-squatting/malicious behavior) published to npm and later unpublished by npm. Root cause/attack ...

Hijacked Environment Variables

Overview The node-fabric package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...