1.0.2 • Published 8 years ago

gulo v1.0.2

Weekly downloads
4
License
GPL-3.0
Repository
github
Last release
8 years ago

gulo

This project serves as an example security flaw that npx typos can lead to.

I ran gulo. Has my data been compromised?

Well, it might have been compromised, but gulo had nothing to do with it; check gulo's source code. It just logs a warning.

How can I prevent arbitrary code execution?

  • Do not use npx directly. Look up --shell-auto-fallback.
  • Learn to type

I don't care. What's the "worst" that could be executed?

Anything that your machine user can run. And even more using privilege escalation. Consider your passwords leaked, bank accounts emptied and identity stolen.

gulpgulotypesquatnpxnpm
@infinitebrahmanuniverse/nolb-gulo@zalastax/nolb-gulo
1.0.2

8 years ago

1.0.1

8 years ago

1.0.0

8 years ago