Hold on, we're currently generating a fresh version of this report

⚠️ This package seems to have high severity install script vulnerabilities

Affected script: "install-scripts:postinstall"

The script contains a command execution vulnerability. The code uses the "child_process" module's "exec" function to execute shell commands. This could allow an attacker to execute arbitrary commands remotely from within the application because the function's parameter is a string of command line instructions instead of specific command arguments.

Furthermore, the script attempts to download and execute Rust toolchain from a URL via a curl command. If an attacker manages to substitute the URL with a malicious one, it could lead to the download and execution of arbitrary malicious code.

Generated on Mar 18, 2024 via pnpm

wasm-grate 0.2.2

Analyzes JS projects for potential WebAssembly migration points.

Package summary

2

issues

1

license

Package created

29 Oct 2023

Version published

5 Nov 2023

Maintainers

1

Total deps

1

Direct deps

0

License

ISC

Issues

2

1 high severity issue

wasm-grate@0.2.2

Package uses postinstall script: "node ./pre-install.js"

via: wasm-grate@0.2.2

1 moderate severity issue

wasm-grate@0.2.2

Package has no specified source code repository

via: wasm-grate@0.2.2

Licenses

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

1 Packages, Including:

wasm-grate@0.2.2

Direct Dependencies

0

All Dependencies CSV

ⓘ This is a list of wasm-grate 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities

All Versions