Exciting news!Announcing our $4.6M Series Seed. Learn more
Socket
LoveBlogFAQ
Install
Log in

Bin script shell injection

Severity

High

Description

This package re-exports a well known shell command via an npm bin script. This is possibly a supply chain attack

Suggestion

Packages should not export bin scripts which conflict with well known shell commands

Packages with this issue

@cnakazawa/watch

Utilities for watching file trees.

cpojer
 published 1.0.4 •

ansi

Advanced ANSI formatting tool for Node.js

tootallnate
 published 0.2.1 •

node-linux-x64

node

aredridel
 published 17.7.2 •

cypress-react-unit-test

Unit test React components using Cypress

bahmutov
 published 4.17.2 •

fast-watch

Watch a directory and run a command when it changes. Uses polling instead of events to avoid the delays and glitches that other watch tools have.

evanw
 published 1.0.0 •

node-linux-arm64

node

aredridel
 published 17.7.2 •

windosu

Windows sudo equivalent

teh_senaus
 published 0.3.0 •

node-wget-fetch

Ultra simple async retrieval of resources or remote files over http or https, an cli tool, and convenience wrapper of node-fetch, and a seamless retry ability

technoexpress
 published 1.1.3 •

ak19logger-npm

Colorized logs

abhinav19k
 published 1.3.4 •
Socket

Product

NPM Packages

About

Subscribe to our newsletter

Get open source security insights delivered straight into your inbox. Be the first to learn about new features and product updates.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc