Big update!Introducing GitHub Bot Commands. Learn more
Socket
BlogLoveLog in
Book a demo

Uses eval

Severity

Medium

Description

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Suggestion

Avoid packages that use eval, since this could potentially execute any code.

Packages with this issue

xml-json-editor

封装xml转json编辑器组件

published 1.1.0 •

zk-ffss

zk

published 1.0.3 •

acorn

ECMAScript parser

published 1.2.2 •

ajv

Another JSON Schema Validator

published 8.11.0 •

fs-extra

fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.

published 0.22.1 •

js-yaml

YAML 1.2 parser and serializer

published 3.14.1 •

pretty-format

Stringify any JavaScript value.

published 27.5.1 •

async

Higher-order functions and common patterns for asynchronous code

published 2.6.4 •

jsesc

A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.

published 0.3.0 •

lodash

Lodash modular utilities.

published 4.17.21 •
2345
469Next
Socket

Product

About

NPM Packages

Subscribe to our newsletter

Get open source security insights delivered straight into your inbox. Be the first to learn about new features and product updates.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc