Malicious Package in nothing-js
Critical severity
GitHub Reviewed
Published
Sep 1, 2020
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Description
Reviewed
Aug 31, 2020
Published to the GitHub Advisory Database
Sep 1, 2020
Last updated
Jan 9, 2023
nothing-js
contained a malicious script that attempted to delete all files whennpm test
was run.Recommendation
This module has been unpublished from the npm Registry. If you find this module in your environment remove it.
References