Homepage
About Snyk

Malicious Package Affecting angluar-cli package, versions =0.0.1 =0.0.2 =0.0.3

Severity

 Recommended
0.0
critical
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    Exploit Maturity
    Mature

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-ANGLUARCLI-174911
  • published 5 Jun 2019
  • disclosed 4 Jun 2019
  • credit npm security
Report a new vulnerability Found a mistake?

Introduced: 4 Jun 2019

Malicious CVE NOT AVAILABLE CWE-506 Open this link in a new tab

How to fix?

Avoid using angluar-cli altogether.

Overview

angluar-cli is a malicious package.

angluar-cli contains malicious code as a postinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed the package attempts to remove files and stop processes related to McAfee antivirus on macOS.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
10 critical
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Changed
  • Confidentiality (C)
    High
  • Integrity (I)
    High
  • Availability (A)
    High