balderdashy/enpeem

Releases8

Frequency4 months 3 weeks

Last Release over 9 years ago

Stars19

Lightweight wrapper for accessing npm programmatically (alternative to adding `npm` as a dependency)

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-10801 ↗	Feb 28, 2020Friday, 28 February 2020, 21:15	9.8 CRITICAL	7.5 HIGH
enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization.