Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zNm0teDRjNS1yanhq
Silently Runs Cryptocoin Miner in hooka-tools
Affected versions of hooka-tools were compromised and modified to silently run a cryptocoin miner in the background.
All affected versions have been unpublished from the npm registry.
Recommendation
While this module has been unpublished, some versions may exist in mirrors or caches. Do not install this module, and remove it if found.
Permalink: https://github.com/advisories/GHSA-m36m-x4c5-rjxjJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zNm0teDRjNS1yanhq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 3 years ago
Updated: over 1 year ago
Identifiers: GHSA-m36m-x4c5-rjxj
References: Blast Radius: 0.0
Affected Packages
npm:hooka-tools
Dependent packages: 1Dependent repositories: 1
Downloads: 3 last month
Affected Version Ranges: >= 0.0.0
No known fixed version
All affected versions: