VYPR

npm

by Npm

npm: npm

CVEs (1)

  • CVE-2021-43616CriNov 13, 2021
    risk 0.00cvss 9.0epss 0.03

    The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was…