Big update!Introducing GitHub Bot Commands. Learn more
Socket
BlogLoveLog in
Book a demo

Bin script shell injection

Severity

High

Description

This package re-exports a well known shell command via an npm bin script. This is possibly a supply chain attack

Suggestion

Packages should not export bin scripts which conflict with well known shell commands

Packages with this issue

@cnakazawa/watch

Utilities for watching file trees.

published 1.0.4 •

node-linux-x64

node

published 18.9.0 •

@factor/cli

published 4.1.70 •

node-win-x64

node

published 18.9.0 •

cypress-react-unit-test

Unit test React components using Cypress

published 4.17.2 •

node-darwin-x64

node

published 18.9.0 •

watch-cli

Command line wrapper for gaze to use in package.json scripts object.

published 0.2.3 •

@4c/init

published 5.0.0 •

node-wget

Ultra simple async retrieval of remote files over http or https

published 0.4.3 •

occam-open-cli

Occam's command line package management tool.

published 5.0.34 •
234Next
Socket

Product

About

NPM Packages

Subscribe to our newsletter

Get open source security insights delivered straight into your inbox. Be the first to learn about new features and product updates.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc