Newtonian Physics Mockumentary
Severity: critical

Malicious 󠅮󠅰󠅭Package



All versions of 1337qq-js contain malicious code. The package exfiltrates sensitive information through install scripts. It targets UNIX systems. The information exfiltrated includes:

  • Environment variables
  • Running processes
  • /etc/hosts
  • uname -a
  • npmrc file


Remove the package from your system and rotate any compromised credentials.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Jan 13th, 2020
  2. reported

    Reported by Microsoft Vulnerability Research
    Jan 13th, 2020