Hold on, we're currently generating a fresh version of this report

⚠️ This package seems to have moderate severity install script vulnerabilities

Affected script: "install-scripts:postinstall"

The script downloads an installation script from a URL (https://sh.rustup.rs) and executes it immediately without any checks for integrity or source validation. This could potentially enable remote command execution if the referenced URL is compromised. Furthermore, the script allows to execute shell commands using exec, which is a potential security vulnerability as it can allow arbitrary command execution.

Generated on Apr 28, 2024 via pnpm

wasm-grate 0.1.23

Analyzes JS projects for potential WebAssembly migration points.

Package summary

2

issues

1

license

Package created

29 Oct 2023

Version published

4 Nov 2023

Maintainers

1

Total deps

1

Direct deps

0

License

ISC

Issues

2

1 high severity issue

wasm-grate@0.1.23

Package uses postinstall script: "node ./pre-install.js"

via: wasm-grate@0.1.23

1 moderate severity issue

wasm-grate@0.1.23

Package has no specified source code repository

via: wasm-grate@0.1.23

Licenses

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

1 Packages, Including:

wasm-grate@0.1.23

Direct Dependencies

0

All Dependencies CSV

ⓘ This is a list of wasm-grate 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities

All Versions