Affected script: "install-scripts:postinstall"
The script uses child_process.exec to execute complex commands which fetch and execute remote content. In particular, the use of
curl | sh is a security vulnerability, as it downloads a script from the internet and pipes it directly into the shell, thus executing it. This pattern is dangerous because it does not allow for the content to be reviewed before execution and can lead to the execution of a malicious script. Additionally, the installation of packages or software without proper verification can introduce malicious code into the system.
wasm-grate's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.