Nearly Perpendicular Macaroons
    Severity: critical

    Malicious Package

    destroyer-of-worlds

    Overview

    The package destroyer-of-worlds contained malicious code. The package contained a bash script that was run as a postinstall script. The script deleted system files and attempted to exhaust resources by creating a large file, a fork bomb and an endless loop. The script targeted UNIX systems.

    Remediation

    Remove the package from your environment and perform additional incident response on your system's files and processes.

    Have content suggestions? Visit npmjs.com/support.

    Advisory timeline

    1. published

      Advisory Published
      May 22nd, 2019
    2. reported

      Reported by Adam Baldwin
      May 22nd, 2019