soket.io@0.0.1-security vulnerabilities
security holding package
-
latest version
0.0.1-security
-
first published
5 years ago
-
latest version published
5 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the soket.io package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
soket.io is a malicious package that is typo squatting. The authentic package is Socket.io. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. How to fix Malicious Package? Avoid using |
*
|