npm package
coffe-script
pkg:npm/coffe-script
Malware
1 malicious version on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- MAL-2025-17263Malicious code in coffe-script (npm)Aug 14, 2025
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-16203 | Hig | 7.5 | — | — | Jun 7, 2018 | The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. |
The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.