| Remote OS Command Execution |
User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. |
14 |
scripts/changelog.js |
| Remote OS Command Execution |
User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. |
145 |
test/tap/version-lifecycle.js |
| Remote OS Command Execution |
User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. |
1 |
test/tap/git-races.js |
| Remote OS Command Execution |
User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. |
33 |
test/tap/legacy-array-bin.js |
| Password Hardcoded |
A hardcoded password in plain text was identified. Store it properly in a config file. |
46 |
test/tap/publish-scoped.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
54 |
test/tap/splat-with-only-prerelease-to-latest.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
60 |
test/tap/splat-with-only-prerelease-to-latest.js |
| Key Hardcoded |
A hardcoded key in plain text was identified. |
31 |
test/tap/search.js |
| Remote OS Command Execution |
User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. |
59 |
test/tap/git-npmignore.js |
| Remote OS Command Execution |
User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. |
1 |
test/tap/install-scoped-link.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
76 |
test/tap/optional-metadep-rollback-collision.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
150 |
test/tap/optional-metadep-rollback-collision.js |
| Remote OS Command Execution |
User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. |
33 |
test/tap/legacy-dir-bin.js |
| Server Side Injection(SSI) - setInterval() |
User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
20 |
test/tap/lifecycle-signal.js |
| Password Hardcoded |
A hardcoded password in plain text was identified. Store it properly in a config file. |
19 |
test/tap/publish-config.js |
| Weak Hash used - SHA1 |
SHA1 is a a weak hash which is known to have collision. Use a strong hashing function. |
37 |
test/tap/locker.js |
| Weak Hash used - SHA1 |
SHA1 is a a weak hash which is known to have collision. Use a strong hashing function. |
67 |
test/tap/locker.js |
| Remote OS Command Execution |
User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. |
3 |
node_modules/osenv/osenv.js |
| Username Hardcoded |
A hardcoded username in plain text was identified. Store it properly in a config file. |
16 |
node_modules/osenv/test/windows.js |
| Key Hardcoded |
A hardcoded key in plain text was identified. |
627 |
node_modules/request/request.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
756 |
node_modules/request/request.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
773 |
node_modules/request/request.js |
| Key Hardcoded |
A hardcoded key in plain text was identified. |
342 |
node_modules/request/node_modules/tough-cookie/lib/cookie.js |
| Key Hardcoded |
A hardcoded key in plain text was identified. |
628 |
node_modules/request/node_modules/tough-cookie/lib/cookie.js |
| Weak Hash used - MD5 |
MD5 is a a weak hash which is known to have collision. Use a strong hashing function. |
371 |
node_modules/request/node_modules/bl/test/test.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
581 |
node_modules/request/node_modules/bl/test/test.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
583 |
node_modules/request/node_modules/bl/test/test.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
619 |
node_modules/request/node_modules/bl/test/test.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
1 |
node_modules/request/node_modules/form-data/node_modules/async/dist/async.min.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
196 |
node_modules/request/node_modules/form-data/node_modules/async/dist/async.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
659 |
node_modules/request/node_modules/form-data/node_modules/async/dist/async.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
196 |
node_modules/request/node_modules/form-data/node_modules/async/lib/async.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
659 |
node_modules/request/node_modules/form-data/node_modules/async/lib/async.js |
| Remote OS Command Execution |
User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. |
6 |
node_modules/request/node_modules/node-uuid/test/compare_v1.js |
| Weak Hash used - MD5 |
MD5 is a a weak hash which is known to have collision. Use a strong hashing function. |
99 |
node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/utils.js |
| Key Hardcoded |
A hardcoded key in plain text was identified. |
1285 |
node_modules/request/node_modules/hawk/node_modules/hoek/test/index.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
1889 |
node_modules/request/node_modules/hawk/node_modules/hoek/test/index.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
1902 |
node_modules/request/node_modules/hawk/node_modules/hoek/test/index.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
425 |
node_modules/request/node_modules/hawk/node_modules/sntp/test/index.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
112 |
node_modules/request/node_modules/hawk/node_modules/sntp/lib/index.js |
| Server Side Injection(SSI) - setInterval() |
User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
370 |
node_modules/request/node_modules/hawk/node_modules/sntp/lib/index.js |
| SSRF - Server Side Request Forgery |
User controlled data in 'request()'' can result in Server Side Request Forgery (SSRF). |
4 |
node_modules/request/node_modules/hawk/example/usage.js |
| Weak Hash used - SHA1 |
SHA1 is a a weak hash which is known to have collision. Use a strong hashing function. |
69 |
node_modules/request/lib/oauth.js |
| Weak Hash used - MD5 |
MD5 is a a weak hash which is known to have collision. Use a strong hashing function. |
38 |
node_modules/request/lib/helpers.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
93 |
node_modules/rimraf/rimraf.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
100 |
node_modules/rimraf/rimraf.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
194 |
node_modules/asap/browser-raw.js |
| Server Side Injection(SSI) - setInterval() |
User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
198 |
node_modules/asap/browser-raw.js |
| Remote OS Command Execution |
User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. |
33 |
node_modules/uid-number/uid-number.js |
| Key Hardcoded |
A hardcoded key in plain text was identified. |
486 |
node_modules/read-package-json/node_modules/glob/glob.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
22 |
node_modules/config-chain/test/chain-class.js |
| Key Hardcoded |
A hardcoded key in plain text was identified. |
496 |
node_modules/glob/glob.js |
| Remote OS Command Execution |
User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. |
5 |
node_modules/node-gyp/test/test-find-python.js |
| Remote OS Command Execution |
User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. |
4 |
node_modules/node-gyp/test/test-addon.js |
| Server Side Injection(SSI) - new Function() |
User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
3 |
node_modules/node-gyp/node_modules/path-array/node_modules/array-index/node_modules/es6-symbol/node_modules/es5-ext/global.js |
| Server Side Injection(SSI) - new Function() |
User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
6 |
node_modules/node-gyp/node_modules/path-array/node_modules/array-index/node_modules/es6-symbol/node_modules/es5-ext/test/function/valid-function.js |
| Server Side Injection(SSI) - new Function() |
User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
32 |
node_modules/node-gyp/node_modules/path-array/node_modules/array-index/node_modules/es6-symbol/node_modules/es5-ext/function/_define-length.js |
| Server Side Injection(SSI) - new Function() |
User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
11 |
node_modules/node-gyp/node_modules/path-array/node_modules/array-index/node_modules/es6-symbol/node_modules/es5-ext/function/#/copy.js |
| Server Side Injection(SSI) - new Function() |
User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
6 |
node_modules/node-gyp/node_modules/path-array/node_modules/array-index/node_modules/es6-symbol/node_modules/es5-ext/object/unserialize.js |
| SSRF - Server Side Request Forgery |
User controlled data in 'request()'' can result in Server Side Request Forgery (SSRF). |
22 |
node_modules/node-gyp/lib/install.js |
| Remote OS Command Execution |
User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. |
15 |
node_modules/node-gyp/lib/build.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
153 |
node_modules/lockfile/lockfile.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
251 |
node_modules/lockfile/lockfile.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
29 |
node_modules/lockfile/test/stale-contention.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
41 |
node_modules/lockfile/test/stale-contention.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
42 |
node_modules/lockfile/test/basic.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
109 |
node_modules/lockfile/test/basic.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
122 |
node_modules/lockfile/test/basic.js |
| Server Side Injection(SSI) - setInterval() |
User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
240 |
node_modules/lockfile/test/basic.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
31 |
node_modules/lockfile/test/retry-time.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
59 |
node_modules/lockfile/test/retry-time.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
26 |
node_modules/init-package-json/test/scope.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
29 |
node_modules/init-package-json/test/scope.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
32 |
node_modules/init-package-json/test/scope.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
8 |
node_modules/init-package-json/test/lib/common.js |
| Key Hardcoded |
A hardcoded key in plain text was identified. |
486 |
node_modules/init-package-json/node_modules/glob/glob.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
23 |
node_modules/init-package-json/node_modules/promzard/test/simple.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
27 |
node_modules/init-package-json/node_modules/promzard/test/simple.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
39 |
node_modules/init-package-json/node_modules/promzard/test/fn.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
42 |
node_modules/init-package-json/node_modules/promzard/test/fn.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
45 |
node_modules/init-package-json/node_modules/promzard/test/fn.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
19 |
node_modules/init-package-json/node_modules/promzard/test/exports.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
22 |
node_modules/init-package-json/node_modules/promzard/test/exports.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
14 |
node_modules/init-package-json/node_modules/promzard/test/validate.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
17 |
node_modules/init-package-json/node_modules/promzard/test/validate.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
22 |
node_modules/fs-write-stream-atomic/test/slow-close.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
8 |
node_modules/fs-write-stream-atomic/test/basic.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
62 |
node_modules/fs-write-stream-atomic/test/basic.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
71 |
node_modules/fs-write-stream-atomic/test/basic.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
80 |
node_modules/fs-write-stream-atomic/test/basic.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
25 |
node_modules/dezalgo/test/basic.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
5 |
node_modules/npmlog/node_modules/are-we-there-yet/test/lib/test-event.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
16 |
node_modules/npmlog/node_modules/are-we-there-yet/test/lib/test-event.js |
| Server Side Injection(SSI) - setInterval() |
User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
148 |
node_modules/npmlog/node_modules/gauge/index.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
49 |
node_modules/tar/test/extract-move.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
51 |
node_modules/tar/test/extract-move.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
29 |
node_modules/tar/node_modules/block-stream/bench/dropper.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
52 |
node_modules/tar/node_modules/block-stream/bench/dropper.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
53 |
node_modules/tar/node_modules/block-stream/bench/dropper.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
30 |
node_modules/tar/node_modules/block-stream/bench/dropper-pause.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
54 |
node_modules/tar/node_modules/block-stream/bench/dropper-pause.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
55 |
node_modules/tar/node_modules/block-stream/bench/dropper-pause.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
30 |
node_modules/tar/node_modules/block-stream/bench/block-stream-pause.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
54 |
node_modules/tar/node_modules/block-stream/bench/block-stream-pause.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
55 |
node_modules/tar/node_modules/block-stream/bench/block-stream-pause.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
29 |
node_modules/tar/node_modules/block-stream/bench/block-stream.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
52 |
node_modules/tar/node_modules/block-stream/bench/block-stream.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
53 |
node_modules/tar/node_modules/block-stream/bench/block-stream.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
57 |
node_modules/tar/node_modules/block-stream/test/pause-resume.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
58 |
node_modules/tar/node_modules/block-stream/test/pause-resume.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
29 |
node_modules/tar/node_modules/block-stream/test/thorough.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
52 |
node_modules/tar/node_modules/block-stream/test/thorough.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
53 |
node_modules/tar/node_modules/block-stream/test/thorough.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
29 |
node_modules/tar/node_modules/block-stream/test/nopad-thorough.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
52 |
node_modules/tar/node_modules/block-stream/test/nopad-thorough.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
53 |
node_modules/tar/node_modules/block-stream/test/nopad-thorough.js |
| Key Hardcoded |
A hardcoded key in plain text was identified. |
30 |
node_modules/tar/lib/extended-header.js |
| Server Side Injection(SSI) - new Function() |
User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
42 |
node_modules/retry/test/integration/test-retry-operation.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
46 |
node_modules/retry/lib/retry_operation.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
50 |
node_modules/retry/lib/retry_operation.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
83 |
node_modules/retry/lib/retry_operation.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
75 |
node_modules/fstream/examples/filter-pipe.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
70 |
node_modules/fstream/examples/pipe.js |
| Password Hardcoded |
A hardcoded password in plain text was identified. Store it properly in a config file. |
7 |
node_modules/npm-registry-client/test/adduser-update.js |
| Username Hardcoded |
A hardcoded username in plain text was identified. Store it properly in a config file. |
8 |
node_modules/npm-registry-client/test/adduser-update.js |
| Username Hardcoded |
A hardcoded username in plain text was identified. Store it properly in a config file. |
10 |
node_modules/npm-registry-client/test/adduser.js |
| Password Hardcoded |
A hardcoded password in plain text was identified. Store it properly in a config file. |
11 |
node_modules/npm-registry-client/test/adduser.js |
| Password Hardcoded |
A hardcoded password in plain text was identified. Store it properly in a config file. |
7 |
node_modules/npm-registry-client/test/adduser-new.js |
| Username Hardcoded |
A hardcoded username in plain text was identified. Store it properly in a config file. |
8 |
node_modules/npm-registry-client/test/adduser-new.js |
| Weak Hash used - SHA1 |
SHA1 is a a weak hash which is known to have collision. Use a strong hashing function. |
38 |
node_modules/npm-registry-client/test/publish-scoped-auth-token.js |
| Username Hardcoded |
A hardcoded username in plain text was identified. Store it properly in a config file. |
21 |
node_modules/npm-registry-client/test/request.js |
| Password Hardcoded |
A hardcoded password in plain text was identified. Store it properly in a config file. |
22 |
node_modules/npm-registry-client/test/request.js |
| Username Hardcoded |
A hardcoded username in plain text was identified. Store it properly in a config file. |
17 |
node_modules/npm-registry-client/test/fetch-basic.js |
| Password Hardcoded |
A hardcoded password in plain text was identified. Store it properly in a config file. |
18 |
node_modules/npm-registry-client/test/fetch-basic.js |
| Username Hardcoded |
A hardcoded username in plain text was identified. Store it properly in a config file. |
10 |
node_modules/npm-registry-client/test/stars.js |
| Password Hardcoded |
A hardcoded password in plain text was identified. Store it properly in a config file. |
11 |
node_modules/npm-registry-client/test/stars.js |
| Weak Hash used - SHA1 |
SHA1 is a a weak hash which is known to have collision. Use a strong hashing function. |
45 |
node_modules/npm-registry-client/test/publish-scoped.js |
| Username Hardcoded |
A hardcoded username in plain text was identified. Store it properly in a config file. |
10 |
node_modules/npm-registry-client/test/tag.js |
| Password Hardcoded |
A hardcoded password in plain text was identified. Store it properly in a config file. |
11 |
node_modules/npm-registry-client/test/tag.js |
| Username Hardcoded |
A hardcoded username in plain text was identified. Store it properly in a config file. |
11 |
node_modules/npm-registry-client/test/publish-failed-no-message.js |
| Password Hardcoded |
A hardcoded password in plain text was identified. Store it properly in a config file. |
12 |
node_modules/npm-registry-client/test/publish-failed-no-message.js |
| Username Hardcoded |
A hardcoded username in plain text was identified. Store it properly in a config file. |
12 |
node_modules/npm-registry-client/test/publish.js |
| Password Hardcoded |
A hardcoded password in plain text was identified. Store it properly in a config file. |
13 |
node_modules/npm-registry-client/test/publish.js |
| Weak Hash used - SHA1 |
SHA1 is a a weak hash which is known to have collision. Use a strong hashing function. |
189 |
node_modules/npm-registry-client/test/publish.js |
| Username Hardcoded |
A hardcoded username in plain text was identified. Store it properly in a config file. |
10 |
node_modules/npm-registry-client/test/publish-new-mixcase-name.js |
| Password Hardcoded |
A hardcoded password in plain text was identified. Store it properly in a config file. |
11 |
node_modules/npm-registry-client/test/publish-new-mixcase-name.js |
| Weak Hash used - SHA1 |
SHA1 is a a weak hash which is known to have collision. Use a strong hashing function. |
56 |
node_modules/npm-registry-client/test/publish-new-mixcase-name.js |
| Username Hardcoded |
A hardcoded username in plain text was identified. Store it properly in a config file. |
12 |
node_modules/npm-registry-client/test/star.js |
| Password Hardcoded |
A hardcoded password in plain text was identified. Store it properly in a config file. |
13 |
node_modules/npm-registry-client/test/star.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
14 |
node_modules/npm-registry-client/test/lib/server.js |
| Server Side Injection(SSI) - new Function() |
User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
42 |
node_modules/npm-registry-client/node_modules/retry/test/integration/test-retry-operation.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
40 |
node_modules/npm-registry-client/node_modules/retry/lib/retry_operation.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
44 |
node_modules/npm-registry-client/node_modules/retry/lib/retry_operation.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
69 |
node_modules/npm-registry-client/node_modules/retry/lib/retry_operation.js |
| SSRF - Server Side Request Forgery |
User controlled data in 'request()'' can result in Server Side Request Forgery (SSRF). |
14 |
node_modules/npm-registry-client/lib/request.js |
| Key Hardcoded |
A hardcoded key in plain text was identified. |
15 |
node_modules/npm-registry-client/lib/stars.js |
| Weak Hash used - SHA1 |
SHA1 is a a weak hash which is known to have collision. Use a strong hashing function. |
90 |
node_modules/npm-registry-client/lib/publish.js |
| SSRF - Server Side Request Forgery |
User controlled data in 'request()'' can result in Server Side Request Forgery (SSRF). |
4 |
node_modules/npm-registry-client/lib/fetch.js |
| Server Side Injection(SSI) - setTimeout() |
User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
71 |
node_modules/read/lib/read.js |
| Remote OS Command Execution |
User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. |
7 |
lib/utils/git.js |
| Server Side Injection(SSI) - setInterval() |
User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). |
12 |
lib/utils/pulse-till-done.js |
| Weak Hash used - SHA1 |
SHA1 is a a weak hash which is known to have collision. Use a strong hashing function. |
15 |
lib/utils/locker.js |
| Key Hardcoded |
A hardcoded key in plain text was identified. |
72 |
lib/cache/update-index.js |
| Key Hardcoded |
A hardcoded key in plain text was identified. |
36 |
lib/cache/add-named.js |