Affected script: "install-scripts:install"
The script contains multiple security vulnerabilities. It uses `execSync()` to execute system commands, which can lead to command injection attacks if any input used in these commands is not properly sanitized or comes from an untrusted source. Moreover, it downloads and executes a binary from the internet without any form of verification (e.g., checksums, digital signatures), leaving it open to malicious code execution if an attacker were to compromise the download source or perform a man-in-the-middle attack. Additionally, the use of `rm -rf` with variables (e.g., `${binDir}/*`) may lead to unintentional deletion of files or directories if those variables are not properly controlled.
@fuel-ts/fuel-core's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name | Version | Size | License | Type | Vulnerabilities |
---|---|---|---|---|---|
node-fetch | 2.7.0 | 43.6 kB | MIT | prod |