VYPR

npm package

@farmfe/core

pkg:npm/%40farmfe/core

Vulnerabilities (1)

  • CVE-2025-56647MedFeb 12, 2026
    affected < 1.7.6fixed 1.7.6

    npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development (hot module reloading) server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source