All versions of
boogeyman are considered malicious. This particular package would download a payload from pastebin.com, eval it to read ssh keys and the users
.npmrc and send them to a private pastebin account.
This package was published to the npm Registry for a very short period of time. If you happen to find it in your environment you should revoke and rotate your ssh keys and your npm token.