6 matches found
Malicious JavaScript Package Detection
Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
CVE-2017-16127
The module pandora-doomsday infects other modules. It's since been unpublished from the registry...
Code injection
The module pandora-doomsday infects other modules. It's since been unpublished from the registry...
CVE-2017-16127
The module pandora-doomsday infects other modules. It's since been unpublished from the registry...
CVE-2017-16127
The CVE-2017-16127 entry concerns the npm package pandora-doomsday, a malicious module that infects other packages. According to connected advisories, it adds itself to the package.json of other packages discovered on the victim host and attempts to publish the package, effectively compromising p...
Malicious Module
pandora-doomsday and test-module-a are modules which can infect other modules. During installation, the module runs a postinstall script that adds the package's author mr-robot as an owner to every other package owned by the user that ran the npm install method...