1.0.2 • Published 4 years ago

vulnerable-js v1.0.2

Weekly downloads
3
License
MIT
Repository
github
Last release
4 years ago

vulnerable-js

Is your js project too clean? Has dependabot never sent you a security alert? Do tacobell employees use your project as an ingredient in their mild sauce?

Well no longer, thanks to vulnerable-js!

Overview

vulnerable-js introduces the following vulnerabilities into your project:

SeverityTypeSource
LowPrototype Pollutionlodash
LowPrototype Pollutionlodash
ModerateImproper Verification of Cryptographic Signaturejsrasign
ModeratePrototype Pollutionhoek
HighPrototype Pollutionlodash
HighPrototype Pollutionlodash
HighTiming Attackjsrasign
CriticalCommand Injectionbestzip
CriticalCommand Injectiongit-tags-remote

Note that none of these are actually run - they're included as transitive dependencies in your package-lock and are downloaded in your node_modules folder.

Installation

$ npm install vulnerable-js

That's it. Your project is now spicy.

Basic use

Wanna see the fireworks?

$ npm audit

License

MIT

vulnerabletest
bestzipgit-tags-remotehoekjsrsasignkerberoslodashserialize-javascript
@infinitebrahmanuniverse/nolb-vul@everything-registry/sub-chunk-3106
1.0.2

4 years ago

1.0.1

4 years ago

1.0.0

4 years ago