Related advisories:

https://nodesecurity.io/advisories/qs_dos_extended_event_loo...

https://nodesecurity.io/advisories/qs_dos_memory_exhaustion

How to check for this vulnerability in your app:

  > npm install -g nsp
  > nsp audit-package // Run in the same dir as your package.json

This will also report any other vulnerabilities, in addition to the "qs" vulnerability.

Great find, looks like this has already been patched in node-restify v2.8.1.