VYPR

npm package

colors

pkg:npm/colors

Vulnerabilities (1)

  • CVE-2021-23567Jan 14, 2022
    affected >= 1.4.1

    The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers