All versions of
npmpubman contain malicious code. The
index.js file sends local environment variables to a remote server. The file is not run upon installation - the package needs to be required or the
index.js run manually.
Remove the package from your environment and ensure any compromised credentials are rotated.
publishedAdvisory PublishedOct 15th, 2020
reportedReported by UnknownOct 15th, 2020