soket.io@0.0.1-security vulnerabilities

security holding package

Direct Vulnerabilities

Known vulnerabilities in the soket.io package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Malicious Package (C)
Vulnerable Version: *

soket.io is a malicious typosquatting package. The authentic package is Socket.io.

The package is malware designed to take advantage of users who mistype the name of a module when installing it. When executed, the package calls home to a Command and Control server to execute arbitrary commands.

How to fix Malicious Package?

Avoid using soket.io altogether.
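To check whether a project already pulls in soket.io or a similar near-miss name, the following added example (not part of the original advisory or of any Snyk tooling) compares dependency names from package.json and a v2/v3 package-lock.json against a list of intended packages. The `EXPECTED` list, the distance threshold and the sample manifest and lockfile are assumptions constructed for illustration.

```javascript
// Assumed allowlist of packages the project intends to use (npm names are lowercase).
const EXPECTED = ["socket.io", "express", "lodash"];

// Levenshtein edit distance between two strings (insert, delete, substitute).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Collect package names from package.json and from the "packages" map of a lockfile,
// so that transitive and nested installs are covered as well as direct ones.
function dependencyNames(manifest, lock) {
  const names = new Set();
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    Object.keys(manifest[field] || {}).forEach((n) => names.add(n));
  }
  for (const path of Object.keys((lock && lock.packages) || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx !== -1) names.add(path.slice(idx + "node_modules/".length));
  }
  return [...names];
}

// Report names that are close to, but not equal to, an expected package name.
function findTyposquats(manifest, lock, expected = EXPECTED, maxDistance = 2) {
  const findings = [];
  for (const name of dependencyNames(manifest, lock)) {
    const lower = name.toLowerCase();
    if (expected.includes(lower)) continue;
    for (const good of expected) {
      if (editDistance(lower, good) <= maxDistance) findings.push({ name, lookalikeOf: good });
    }
  }
  return findings;
}

// Constructed sample input: a manifest and lockfile containing the mistyped name.
const manifest = { dependencies: { "soket.io": "^0.0.1", express: "^4.18.0" } };
const lock = { packages: { "": {}, "node_modules/soket.io": {}, "node_modules/express": {},
  "node_modules/express/node_modules/debug": {} } };
console.log(findTyposquats(manifest, lock));
```

Running a check like this in CI before `npm install` executes any install scripts catches the mistyped name before the package's code runs.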