Big update!Introducing GitHub Bot Commands. Learn more
Socket
BlogLoveLog in
Book a demo

Dynamic require

Severity

Low

Description

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Suggestion

Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Packages with this issue

semver

The semantic version parser used by npm.

isaacs
 published 7.0.0 •

readable-stream

Streams3, a user-land copy of the stream library from Node.js

cwmma
 published 2.1.5 •

yargs-parser

the mighty option parser used by yargs

oss-bot
 published 21.1.1 •

ajv

Another JSON Schema Validator

esp
 published 4.11.8 •

yargs

yargs the modern, pirate-themed, successor to optimist.

oss-bot
 published 17.5.1 •

jest-worker

Module for executing heavy tasks under forked processes in parallel, by providing a `Promise` based interface, minimum overhead, and bound workers.

simenb
 published 29.0.3 •

@babel/core

Babel compiler core.

nicolo-ribaudo
 published 7.18.13 •

jest-util

simenb
 published 29.0.3 •

browserslist

Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset

ai
 published 4.21.4 •

bn.js

Big number implementation in pure javascript

indutny
 published 4.11.6 •
2345
525Next
Socket

Product

About

NPM Packages

Subscribe to our newsletter

Get open source security insights delivered straight into your inbox. Be the first to learn about new features and product updates.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc