Bin script shell injection
Severity
High
Description
This package re-exports a well-known shell command via an npm bin script. This is possibly a supply chain attack.
Suggestion
Packages should not export bin scripts that conflict with well-known shell commands.
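
One way to check a package.json for this condition, as an added example that is not Socket's own detection code. The command list, the function names and the sample manifests are constructed for illustration; the handling of the string form of `bin` follows npm's documented behaviour (the command takes the package name without its scope).

```javascript
// Constructed, deliberately short sample list; a real check would use a fuller one.
const WELL_KNOWN = new Set(['ls', 'cat', 'cp', 'mv', 'rm', 'sh', 'bash', 'sudo', 'ssh',
  'curl', 'wget', 'git', 'node', 'npm', 'grep', 'find', 'chmod', 'kill', 'echo']);

// Return the command names a manifest asks npm to link into a bin directory.
function binNames(manifest) {
  const bin = manifest.bin;
  if (typeof bin === 'string') {
    // String form: one command named after the package, minus any "@scope/" prefix.
    const name = String(manifest.name || '');
    const base = name.startsWith('@') ? (name.split('/')[1] || '') : name;
    return base ? [base] : [];
  }
  if (bin && typeof bin === 'object' && !Array.isArray(bin)) {
    // Object form: each key is a command name, each value the script it runs.
    return Object.keys(bin);
  }
  return [];
}

// Return every bin entry whose command name collides with a well-known command.
function findConflicts(manifest) {
  return binNames(manifest)
    .filter((name) => WELL_KNOWN.has(name.toLowerCase()))
    .map((name) => ({
      command: name,
      target: typeof manifest.bin === 'string' ? manifest.bin : manifest.bin[name],
    }));
}

// Constructed sample manifests (not real packages).
const SAMPLE_OBJECT = {
  name: 'example-helper',
  bin: { ls: './bin/run.js', 'example-helper': './bin/tool.js' },
};
const SAMPLE_STRING = { name: '@example/git', bin: './cli.js' };
const SAMPLE_CLEAN = { name: 'example-tool', bin: { 'example-tool': './cli.js' } };

for (const m of [SAMPLE_OBJECT, SAMPLE_STRING, SAMPLE_CLEAN]) {
  const hits = findConflicts(m);
  console.log(m.name, hits.length ? hits : 'no conflicting bin scripts');
}
```

A hit means the package asks npm to install a command under a name that already has an established meaning in the shell, so the script it points to should be reviewed before the dependency is accepted.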