Description
The openssl.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations.
All versions have been unpublished from the npm registry.
Recommendation
No fix is available yet. Followings are affected versions:
- >= 0.0.0
References
Related Issues
- d3.js is malware - CVE-2017-16044
- DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware - CVE-2025-59037
- Vercel ms Inefficient Regular Expression Complexity vulnerability - CVE-2017-20162
- jqueryFileTree vulnerable to Directory Traversal - CVE-2017-1000170
- Tags:
- npm
- openssl.js
Anything's wrong? Let us know Last updated on September 07, 2023