commander-js@0.0.1-security vulnerabilities

security holding package

latest version

0.0.1-security
first published

5 years ago
latest version published

5 years ago
licenses detected
- Unknown
  >=0
View commander-js package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the commander-js package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Malicious Package commander-js is a Malicous Package. This package is trying to mimic the real commander.js [ https://www.npmjs.com/package/commander]. It has a backdoor in `postinstall` script which downloads and evaluates the content of `http://23.94.46.191/update.json` (which currently doesn't contain anything malicious). How to fix Malicious Package? Avoid using `commander-js` altogether.	*

Malicious Package

commander-js is a Malicous Package.

This package is trying to mimic the real commander.js [ https://www.npmjs.com/package/commander]. It has a backdoor in postinstall script which downloads and evaluates the content of http://23.94.46.191/update.json (which currently doesn't contain anything malicious).

How to fix Malicious Package?

Avoid using commander-js altogether.

Go back to all versions of this package

commander-js@0.0.1-security vulnerabilities

security holding package

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities