Advisories for Npm/Cage-Js package

2020

Malicious Package

All versions of cage-js contains malicious code. The malware downloads and runs a script from a remote server as a postinstall script. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an …