Severity: Critical
CVSS Score: 9.8
All versions of `boogeyman` are considered malicious. This particular package would download a payload from pastebin.com, eval it to read ssh keys and the users `.npmrc` and send them to a private pastebin account. ## Recommendation This package was published to the npm Registry for a very short period of time. If you happen to find it in your environment you should revoke and rotate your ssh keys and your npm token.