Snyk has reported that there have been attempts or successful attacks targeting this vulnerability.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsAvoid using all malicious instances of the paperclip2 package.
paperclip2 is a malicious package.
This package contains malicious code and consists solely of a package.json file, with no JavaScript files present. A one-liner embedded in its postinstall script spawns a reverse shell that connects to a remote host on port 7007.
Users who have installed this package should remove it immediately.