VYPR

CLI

by Lumiverse

npm: cli

Source repositories

CVEs (6)

  • CVE-2022-29244 (Jun 13, 2022)
    risk 0.00 | cvss | epss 0.03

    npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (i.e. `--workspaces`, `--workspace=`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively,…

  • CVE-2021-43616 (Nov 13, 2021)
    risk 0.00 | cvss | epss 0.03

    The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was…

  • CVE-2020-15095 (Jul 7, 2020)
    risk 0.00 | cvss | epss 0.00

    Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://[[:]@][:][:][/]". The password value is not redacted and is printed to stdout and…

  • CVE-2019-16777 (Dec 13, 2019)
    risk 0.00 | cvss | epss 0.02

    Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any…

  • CVE-2019-16776 (Dec 13, 2019)
    risk 0.00 | cvss | epss 0.03

    Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher…

  • CVE-2019-16775 (Dec 13, 2019)
    risk 0.00 | cvss | epss 0.03

    Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would…