Dangerous NPM package vulnerability discovered
A vulnerability was found in 2.0.3 and later versions of the popular NPM package veged/coa. Package has been compromised and contains cryptomining and password stealing malware. The malicious code mainly targets Windows.
According to advisory, users using compromised veged/cao 2.0.3 and later should switch to the respective version 2.0.2.
Source: developers.ibexa.co
05 November 2021