Advisories for Npm/Leetlog package

2020

Malicious Package

of leetlog contain malicious code. The package adds an arbitrary hardcoded SSH key identified as hacker@evilmachine to the system's authorized_keys ## Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an …