CVE-2017-16075

Name of the Vulnerable Software and Affected Versions: http-proxy.js versions all

Description: The http-proxy.js package is a piece of malware designed to steal environment variables and send them to attacker-controlled locations. All versions of this package have been unpublished from the npm registry. If this package is found installed in an environment, the primary security concern is determining how it was installed.

Recommendations: Delete the http-proxy.js package Clear the npm cache Ensure the package is not present in any other package.json files on the system Regenerate registry credentials, tokens, and any other sensitive credentials that may have been exposed via environment variables Review services that may have been exposed via credentials in environment variables, such as databases, for indicators of compromise