<p>Avoid using <code>donotinstallthis</code> altogether.</p>

Malicious Package Affecting donotinstallthis package, versions *

Snyk CVSS

Attack Complexity Low

Confidentiality High

Integrity High

Availability High

Threat Intelligence

Exploit Maturity Mature

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JS-DONOTINSTALLTHIS-174740
published 20 May 2019
disclosed 16 May 2019
credit Adam Baldwin

Report a new vulnerability Found a mistake?

Introduced: 16 May 2019

Malicious CWE-506 Open this link in a new tab

How to fix?

Avoid using donotinstallthis altogether.

Overview

donotinstallthis is a security holding package.

This package is a Malicious Package. The package donotinstallthis contained malicious code. The package contained a script that was run as part of the install script. The script contacted a remote service tracking how many installations were done. There is no further compromise.

References

NPM Security Advisory