Affected script: "install-scripts:postinstall"
The script has several security weaknesses. First, it executes a shell command with a parameter variable that it does not sanitize, which could lead to command injection if a malicious npm config feature is set. Second, it downloads a shell script from the internet (the rustup installation script) and executes it directly, without any kind of verification. If the DNS request were hijacked, or if the Rust server were compromised, malicious code could be executed. This kind of blind trust in remote resources is a security risk.
wasm-grate's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name | Version | Size | License | Type | Vulnerabilities |
---|---|---|---|---|---|