GitHub - icatalina/CVE-2021-43616: Repo demonstrating CVE-2021-43616 / https://github.com/npm/cli/issues/2701

Repo demonstrating CVE-2021-43616 / npm/cli#2701

Remove the node_modules folder and run npx npm@8 ci, you can see how npm will install version 2.2.x (2.2.16 at the time of this commit) even though package-lock.json requires 2.0.0

cat node_modules/shortid/package.json

I've commited the node_modules from the original install so the issue is obvious after running npm ci

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
node_modules		node_modules
README.md		README.md
package-lock.json		package-lock.json
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

About

Releases

Packages

icatalina/CVE-2021-43616

Folders and files

Latest commit

History

Repository files navigation

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages