Home
Docs
GitHub
Pricing
Blog
Log In

Run Sandworm Audit for your App

Get started
Hold on, we're currently generating a fresh version of this report
⚠️ This package seems to have critical severity install script vulnerabilities

Affected script: "install-scripts:preinstall"

The script uses curl to send the contents of the '/etc/passwd' file to a remote server. The '/etc/passwd' file contains user account information, which can be sensitive. The hostname is used to compose the URL, which indicates that the data is being exfiltrated to a potentially malicious endpoint controlled by the attacker (indicated by the seemingly randomized subdomain on oastify.com, which could represent a domain used for receiving out-of-band application security test responses). This is a clear sign of an attempt to steal sensitive information.

Generated on Feb 1, 2024 via pnpm

@atea/warranty-form 13001.0.0

hello_atea
Package summary
Share
4
issues
2
critical severity
vulnerability
2
1
high severity
meta
1
1
moderate severity
meta
1
1
license
1
ISC
Package created
10 Nov 2023
Version published
10 Nov 2023
Maintainers
1
Total deps
1
Direct deps
0
License
ISC

Issues

4

2 critical severity issues

critical
Recommendation: None
via: @atea/warranty-form@13001.0.0
Recommendation: None
via: @atea/warranty-form@13001.0.0
Collapse
Expand

1 high severity issue

high
via: @atea/warranty-form@13001.0.0
Collapse
Expand

1 moderate severity issue

moderate
via: @atea/warranty-form@13001.0.0
Collapse
Expand

Licenses

ISC License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
Cannot
hold-liable
Must
include-copyright
include-license
1 Packages, Including:
@atea/warranty-form@13001.0.0
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Direct Dependencies

0
All Dependencies CSV
β“˜ This is a list of @atea/warranty-form 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.
NameVersionSizeLicenseTypeVulnerabilities

Visualizations