PT-2018-6155 · Npm · Pandora-Doomsday

Published: 2018-06-07 · Updated: 2020-09-01 · CVE-2017-16127

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: pandora-doomsday (affected versions not specified)
Description: The issue concerns a malicious package named pandora-doomsday that infects other modules by adding itself to their package.json files and attempting to publish the compromised packages. This package has been removed from the npm registry. Any computer with this package installed should be considered fully compromised, and all secrets and keys stored on it should be rotated immediately from a different computer.
Recommendations: To address the issue, remove the pandora-doomsday package, but be aware that this may not remove all malicious software resulting from its installation, as full control of the computer may have been given to an outside entity. Consider rotating all secrets and keys stored on the compromised computer immediately from a different computer.

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2017-16127
GHSA-428F-MH7W-6W2X

Affected Products

Pandora-Doomsday