npm package
kill-port
pkg:npm/kill-port
Malware
2 malicious versions on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- MAL-2025-191116Malicious code in kill-port (npm)Nov 24, 2025
- GHSA-3j2r-p9f6-rw66Malware in kill-portNov 24, 2025
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-5414 | — | < 1.3.2 | 1.3.2 | Mar 17, 2019 | If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2. |
- CVE-2019-5414Mar 17, 2019affected < 1.3.2fixed 1.3.2
If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.