Snyk has a published code exploit for this vulnerability.
Avoid using commander-js altogether.
commander-js is a malicious package.
This package is trying to mimic the real commander.js [https://www.npmjs.com/package/commander]. It has a backdoor in its postinstall script, which downloads and evaluates the content of http://23.94.46.191/update.json (which currently doesn't contain anything malicious).
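
A defender-side check for the two traits described above (a name that mimics a well-known package, and a script that runs at install time), as an added example that is not Snyk's code or taken from the package. The `KNOWN_GOOD` list, the function names and both sample manifests are assumptions constructed for illustration; the package's actual script text is not shown on this page.

```javascript
// Added example: flag the two traits this advisory describes.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
// Assumption: names you really depend on; extend for your project.
const KNOWN_GOOD = ["commander", "express", "lodash"];

// Collapse "commander-js", "commander.js", "commanderjs" to one form.
function normalise(name) {
  return name.toLowerCase().replace(/[-_.]?js$/, "").replace(/[-_.]/g, "");
}

// Levenshtein distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, i) => i);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]; // value diagonally up-left of the current cell
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + cost);
      prev = tmp;
    }
  }
  return row[b.length];
}

// Return a list of findings for one parsed package.json object.
function auditManifest(pkg) {
  const findings = [];
  const name = pkg.name || "";
  for (const good of KNOWN_GOOD) {
    // Same or near-same normalised name, but not the real package itself.
    if (name !== good && editDistance(normalise(name), normalise(good)) <= 1) {
      findings.push(`name resembles "${good}"`);
    }
  }
  for (const hook of INSTALL_HOOKS) {
    const cmd = (pkg.scripts || {})[hook];
    if (cmd) findings.push(`${hook} script runs at install time: ${cmd}`);
  }
  return findings;
}

// Constructed sample manifests (not copied from either package).
const SUSPECT = { name: "commander-js", scripts: { postinstall: "node update.js" } };
const LEGIT = { name: "commander", scripts: { test: "jest" } };
console.log(auditManifest(SUSPECT));
console.log(auditManifest(LEGIT));
```

Installing with `npm install --ignore-scripts` keeps lifecycle scripts such as postinstall from running at all, which gives time to review a flagged package before any of its code executes.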