|
|
|
|
|
|
by heijmans
1609 days ago
|
|
|
See also https://github.com/npm/cli/issues/2701 I think this is quite a serious issue which has been open for almost a year. I don't understand why there hasn't been a reaction from the npm developers on the issue (as far as I can see). npm 8.3.1 (the current version) is still vulnerable. It might not be directly exploitable but it can leave you open for all kinds of security and/or stability issues. It is also a regression from npm 6. |
|
|