npm

Description: A package manager for JavaScript
Version: 10.5.2-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2554 | 8.1.4-1 | 8.4.1-1 | Medium | Fixed | |
| AVG-1082 | 6.12.1-1 | 6.13.4-1 | Medium | Fixed | |
| AVG-626 | 5.7.0-1 | 5.7.1-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-43616 | AVG-2554 | Medium | Yes | Insufficient validation | The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from... |
| CVE-2019-16777 | AVG-1082 | Medium | Yes | Arbitrary file overwrite | Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be... |
| CVE-2019-16776 | AVG-1082 | Medium | Yes | Arbitrary file overwrite | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended... |
| CVE-2019-16775 | AVG-1082 | Medium | Yes | Arbitrary file overwrite | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the... |
| CVE-2018-7408 | AVG-626 | High | No | Access restriction bypass | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm"... |