npmconf@0.0.23 vulnerabilities

The config module for npm circa npm@1 and npm@2

  • latest version

    2.1.3

  • latest non vulnerable version

  • first published

    12 years ago

  • latest version published

    6 years ago

  • deprecated

    Package is deprecated

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the npmconf package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Uninitialized Memory Exposure

    npmconf is a package to reintegrate directly into npm.

    Affected versions of this package are vulnerable to Uninitialized Memory Exposure. It allocates and writes to disk uninitialized memory content when a typed number is passed as input.

    Note npmconf is deprecated and should not be used. Note This is vulnerable only for Node <=4

    How to fix Uninitialized Memory Exposure?

    Upgrade npmconf to version 2.1.3 or higher.

    <2.1.3