nodecaffe is malware

The nodecaffe package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security conce...

Unspecified vulnerability in nodecaffe

nodecaffe is a package that allows JavaScript to inspect Caffe layers and content. A security vulnerability exists in nodecaffe. An attacker could exploit the vulnerability to steal environment variables...

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Malicious Typo-Squatting

nodecaffe is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one but have malicious actions under the hood such as stealing environment variables...

Code injection

nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16070

nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16070

nodecaffe is a malware package published to hijack environment variables and exfiltrate them to attacker-controlled locations. The npm-hosted module has been unpublished across all versions. Affected context from the provided documents shows malware behavior and cleanup guidance: remove the packa...