Shadowsock is malware

The shadowsock package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

GHSA-36VC-CW62-FQVR Shadowsock is malware

The shadowsock package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

CVE-2017-16078

shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16078

shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVE-2017-16078

CVE-2017-16078 concerns the npm package shadow sock—described in connected advisories as a malware that steals environment variables and exfiltrates to attacker-controlled endpoints. The npm advisory and GitHub/OSV entries confirm it has been unpublished from the npm registry; all versions are re...

Hijacked Environment Variables

Overview The shadowsock package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...