Name of the Vulnerable Software and Affected Versions boogeyman (affected versions not specified)

Description The issue concerns a malicious package that downloads a payload from pastebin.com, evaluates it to read ssh keys and the user's .npmrc file, and sends them to a private pastebin account.

Recommendations Revoke and rotate your ssh keys and your npm token if the boogeyman package is found in your environment.