Exciting news!Announcing our $4.6M Series Seed. Learn more
Socket
LoveBlogFAQ
Install
Log in

Uses eval

Severity

Medium

Description

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Suggestion

Avoid packages that use eval, since this could potentially execute any code.

Packages with this issue

acorn

ECMAScript parser

marijn
 published 1.2.2 •

ajv

Another JSON Schema Validator

esp
 published 8.11.0 •

fs-extra

fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.

jprichardson
 published 0.23.1 •

async

Higher-order functions and common patterns for asynchronous code

hargasinski
 published 2.6.4 •

js-yaml

YAML 1.2 parser and serializer

vitaly
 published 3.14.1 •

lodash

Lodash modular utilities.

bnjmnt4n
 published 4.17.21 •

jsesc

A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.

mathias
 published 0.3.0 •

pretty-format

Stringify any JavaScript value.

simenb
 published 27.5.1 •

core-js

Standard library

zloirock
 published 3.22.5 •

regenerator-runtime

Runtime for Regenerator-compiled generator and async functions.

benjamn
 published 0.13.9 •
Socket

Product

NPM Packages

About

Subscribe to our newsletter

Get open source security insights delivered straight into your inbox. Be the first to learn about new features and product updates.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc