paperclip2@0.0.1-security

security holding package

Direct Vulnerabilities

Known vulnerabilities in the paperclip2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • C
Malicious Package

paperclip2 is a malicious package. This package contains malicious code and consists solely of a package.json file, with no JavaScript files present. A one-liner embedded in its postinstall script spawns a reverse shell that connects to a remote host on port 7007. Users who have installed this package should remove it immediately.

How to fix Malicious Package?

Avoid using all malicious instances of the paperclip2 package.

*