Affected script: "install-scripts:install"
This script automatically downloads and installs binaries from the internet without any sort of integrity checking or signature verification. It executes shell commands, removes directories, writes files, and renames them based on an externally defined version, which could be manipulated for malicious purposes. An attacker could potentially serve a malicious package, and this script would download and execute the content, potentially compromising the system.
@fuel-ts/fuel-core
's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.Name | Version | Size | License | Type | Vulnerabilities |
---|---|---|---|---|---|
node-fetch | 2.7.0 | 43.6 kB | MIT | prod |