⚠️ This package seems to have critical severity install script vulnerabilities

Affected script: "install-scripts:postinstall"

The script uses child_process.exec to execute complex commands which fetch and execute remote content. In particular, the use of curl | sh is a security vulnerability, as it downloads a script from the internet and pipes it directly into the shell, thus executing it. This pattern is dangerous because it does not allow for the content to be reviewed before execution and can lead to the execution of a malicious script. Additionally, the installation of packages or software without proper verification can introduce malicious code into the system.

Generated on May 2, 2024 via pnpm

wasm-grate 0.3.0

Analyzes JS projects for potential WebAssembly migration points.

Package summary

2

issues

1

license

Package created

29 Oct 2023

Version published

11 Nov 2023

Maintainers

1

Total deps

1

Direct deps

0

License

ISC

Issues

2

1 high severity issue

wasm-grate@0.3.0

Package uses postinstall script: "node ./pre-install.js"

via: wasm-grate@0.3.0

1 moderate severity issue

wasm-grate@0.3.0

Package has no specified source code repository

via: wasm-grate@0.3.0

Licenses

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

1 Packages, Including:

wasm-grate@0.3.0

Direct Dependencies

0

All Dependencies CSV

ⓘ This is a list of wasm-grate 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities

All Versions