npm

Severity: critical

Malicious Package

destroyer-of-worlds

Overview

The package destroyer-of-worlds contained malicious code: a bash script that ran as a postinstall script. The script deleted system files and attempted to exhaust resources by creating a large file, a fork bomb and an endless loop. It targeted UNIX systems.

Remediation

Remove the package from your environment and perform additional incident response on your system's files and processes.
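
One way to check whether a project's lockfile pulls in the package, directly or transitively (an added example, not part of the advisory; the sample lockfiles, the `left-helper` and `demo-app` names and all version numbers are constructed):

```javascript
// Added example: find a named package in a parsed package-lock.json.
// Covers lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages").
const FLAGGED = "destroyer-of-worlds"; // package name from the advisory

function findInLock(lock, name) {
  const hits = [];
  const marker = "node_modules/";
  // v2/v3: keys are install paths like "node_modules/a/node_modules/b"
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // "" is the root project, not a dependency
    if (path.slice(idx + marker.length) !== name) continue;
    // hasInstallScript is recorded by npm when the package declares install hooks
    hits.push({ path, version: meta.version, installScript: meta.hasInstallScript === true });
  }
  if (hits.length > 0) return hits;
  // v1: walk the nested tree; install-script presence is not recorded (null)
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name) {
        hits.push({ path: here.join(" > "), version: meta.version, installScript: null });
      }
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed samples: "left-helper", "demo-app" and all versions are placeholders.
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-helper": { version: "1.2.0" },
    "node_modules/left-helper/node_modules/destroyer-of-worlds":
      { version: "0.0.0", hasInstallScript: true }
  }
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "left-helper": { version: "1.2.0",
      dependencies: { "destroyer-of-worlds": { version: "0.0.0" } } }
  }
};
console.log(findInLock(sampleV3, FLAGGED), findInLock(sampleV1, FLAGGED));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findInLock`. Installing with `npm ci --ignore-scripts` keeps lifecycle scripts such as postinstall from running while the dependency tree is being reviewed.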


Advisory timeline

  1. Advisory Published: May 22nd, 2019
  2. Reported by Adam Baldwin: May 22nd, 2019