Exciting news!Announcing our $4.6M Series Seed. Learn more
Socket
LoveBlogFAQ
Install
Log in

Dynamic require

Severity

Low

Description

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Suggestion

Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Packages with this issue

semver

The semantic version parser used by npm.

isaacs
 published 7.1.1 •

readable-stream

Streams3, a user-land copy of the stream library from Node.js

matteo.collina
 published 2.2.7 •

yargs-parser

the mighty option parser used by yargs

oss-bot
 published 21.0.1 •

yargs

yargs the modern, pirate-themed, successor to optimist.

oss-bot
 published 17.5.1 •

ajv

Another JSON Schema Validator

esp
 published 4.11.8 •

@babel/core

Babel compiler core.

nicolo-ribaudo
 published 7.17.12 •

browserslist

Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset

ai
 published 4.20.3 •

jest-worker

Module for executing heavy tasks under forked processes in parallel, by providing a `Promise` based interface, minimum overhead, and bound workers.

simenb
 published 28.1.0 •

bn.js

Big number implementation in pure javascript

indutny
 published 4.11.6 •

fsevents

Native Access to Mac OS-X FSEvents

pipobscure
 published 1.2.9 •
Socket

Product

NPM Packages

About

Subscribe to our newsletter

Get open source security insights delivered straight into your inbox. Be the first to learn about new features and product updates.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc