{"id":42649,"date":"2021-09-02T15:05:17","date_gmt":"2021-09-02T15:05:17","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32614\/NPM-Package-With-3-Million-Weekly-Downloads-Had-A-Severe-Vuln.html"},"modified":"2021-09-02T15:05:17","modified_gmt":"2021-09-02T15:05:17","slug":"npm-package-with-3-million-weekly-downloads-had-a-severe-vuln","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/","title":{"rendered":"NPM Package With 3 Million Weekly Downloads Had A Severe Vuln"},"content":{"rendered":"<figure class=\"intro-image intro-left\"><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/02\/software-code-800x534.jpg\" alt=\"NPM package with 3 million weekly downloads had a severe vulnerability\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<p>The popular NPM package &#8220;pac-resolver&#8221; has been updated to fix a severe remote code execution (RCE) flaw.<\/p>\n<p>The pac-resolver package receives <a href=\"https:\/\/www.npmjs.com\/package\/pac-resolver\" target=\"_blank\" rel=\"noopener\">over 3 million<\/a> weekly downloads, extending this vulnerability to Node.js 
applications relying on the open source dependency. Pac-resolver touts itself as a module that accepts JavaScript proxy configuration files and generates a function for your app to map certain domains to use a proxy.<\/p>\n<h2>To proxy or not to proxy<\/h2>\n<p>This week, developer <a href=\"https:\/\/twitter.com\/pimterry\" target=\"_blank\" rel=\"noopener\">Tim Perry<\/a>&nbsp;disclosed a high-severity flaw in pac-resolver that can enable threat actors on the local network to run arbitrary code within your Node.js process whenever it attempts to make an HTTP request.<\/p>\n<p>While adding proxy support to his <a href=\"https:\/\/httptoolkit.tech\/\" target=\"_blank\" rel=\"noopener\">HTTP Toolkit<\/a>, Perry began auditing the pac-resolver code and came across the security issue.&nbsp;Tracked as&nbsp;<a href=\"https:\/\/snyk.io\/vuln\/SNYK-JS-PACRESOLVER-1564857\" target=\"_blank\" rel=\"noopener\">CVE-2021-23406<\/a>, the vulnerability has to do with how Proxy Auto-Config (PAC) files are processed by the module. PAC files consist of JavaScript code specifying a proxy configuration\u2014which network requests should go over a proxy and which should go out directly. 
For example, in a PAC file, network administrators can explicitly specify a network proxy through which all traffic should be routed and list the domains that are exempt from that requirement:<\/p>\n<pre>function FindProxyForURL(url, host) {\n  \/\/ Send all *.example.com requests directly with no proxy:\n  if (dnsDomainIs(host, '.example.com')) {\n    return 'DIRECT';\n  }\n  \/\/ Send every other request via this proxy:\n  return 'PROXY proxy.example.com:8080';\n}\n<\/pre>\n<p>In the example above, network requests to hosts under &#8220;example.com&#8221; bypass the proxy, whereas all other traffic is sent through the proxy server.<\/p>\n<p>Originally introduced as part of Netscape Navigator 2.0 in 1996, the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Proxy_auto-config\" target=\"_blank\" rel=\"noopener\">PAC standard<\/a>&nbsp;remains relevant and in widespread use today. For example, the Web Proxy Auto-Discovery Protocol (WPAD) uses DNS and\/or DHCP to locate a PAC file on the local network and import its proxy configuration into an application. Because a PAC file is arbitrary JavaScript, typically fetched from the network rather than written by the application&#8217;s own developers, that code has to be executed inside a sandbox that isolates it from the rest of the application.<\/p>\n<h2>A few lines of JavaScript can bypass the VM module and lead to RCE<\/h2>\n<p>And that&#8217;s where the problem begins.<\/p>\n<p>For example, a related NPM package called&nbsp;<a href=\"https:\/\/www.npmjs.com\/package\/pac-proxy-agent\" target=\"_blank\" rel=\"noopener\">Pac-Proxy-Agent<\/a>,&nbsp;which is made by the same author and has over 2 million weekly downloads, provides PAC file support to Node.js applications. Pac-Proxy-Agent does so by taking in the URL to a PAC file, retrieving the file, and then acting as a Node.js HTTP agent handling outgoing requests for your application. 
But Pac-Proxy-Agent fails to sandbox PAC files correctly because it uses the vulnerable pac-resolver module, which further relies on &#8220;degenerator&#8221; to&nbsp;build the PAC function.<\/p>\n<p>Degenerator is yet another package by the <a href=\"https:\/\/www.npmjs.com\/~tootallnate\" target=\"_blank\" rel=\"noopener\">same author<\/a>&nbsp;that helps transform arbitrary code into a sandboxed function using Node.js&#8217; &#8220;VM&#8221; module. But the VM module was never designed to be used as a security mechanism, something that is explicitly <a href=\"https:\/\/nodejs.org\/api\/vm.html#vm_vm_executing_javascript\" target=\"_blank\" rel=\"noopener\">spelled out<\/a> in Node.js docs. Therefore, the output from degenerator\u2014when used by a chain of packages like pac-resolver, Pac-Proxy-Agent, and proxy-agent\u2014poses a security risk.<\/p>\n<p>Referring to a disclaimer in Node docs saying, &#8220;vm module is not a security mechanism. Do not use it to run untrusted code,&#8221;&nbsp;<a href=\"https:\/\/httptoolkit.tech\/blog\/npm-pac-proxy-agent-vulnerability\/\" target=\"_blank\" rel=\"noopener\">Perry said in a blog post<\/a>, &#8220;This is an easy mistake to make\u2014it&#8217;s small text (frankly, it should be the headline on that page and next to every method) and MongoDB did the <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-10758\" target=\"_blank\" rel=\"noopener\">exact same thing<\/a> too in 2019, with even worse consequences.&#8221;<\/p>\n<p>Perry explained further that &#8220;this creates a big problem. 
While VM does try to create an isolated environment in a separate context, there&#8217;s a long list of easy ways to access the original context and break out of the sandbox entirely&#8230; allowing code inside the &#8216;sandbox&#8217; to basically do anything it likes on your system.&#8221;<\/p>\n<p>Perry shared proof-of-concept exploit code demonstrating how an attacker can break out of the VM:<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/npm-rce-proxy-exploit.jpg\" class=\"enlarge\" data-height=\"722\" data-width=\"1548\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/npm-rce-proxy-exploit-640x299.jpg\" width=\"640\" height=\"299\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/09\/npm-rce-proxy-exploit-1280x597.jpg 2x\"><\/a><figcaption class=\"caption\">Perry&#8217;s proof-of-concept PAC file that escapes the vm module sandbox (image)<\/figcaption><\/figure>\n<p>&#8220;That&#8217;s it\u2014this is all that&#8217;s required to break out of the VM module sandbox. 
If you can make a vulnerable target use this PAC file as their proxy configuration, then you can run arbitrary code on their machine,&#8221; he explained.<\/p>\n<p>The vulnerability affects anyone who uses pac-resolver versions prior to 5.0.0, even transitively, in a Node.js application and who:<\/p>\n<ul>\n<li>explicitly uses PAC files for proxy configuration, or<\/li>\n<li>reads and uses the operating system&#8217;s proxy configuration in Node.js on systems with WPAD enabled, or<\/li>\n<li>uses proxy configuration (<code>env<\/code> vars, config files, remote config endpoints, command-line arguments) from an untrusted source.<\/li>\n<\/ul>\n<p>In any of these scenarios, an attacker who can supply the PAC URL (for example by answering WPAD lookups on the local network) gets arbitrary code execution on the machine every time an HTTP request is made through that proxy configuration.<\/p>\n<p>The fix for pac-resolver in version 5.0.0 consists simply of <a href=\"https:\/\/github.com\/TooTallNate\/node-pac-resolver\/commit\/af3c42eb4df7f86a120129d631a31176c41383e9#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R11\" target=\"_blank\" rel=\"noopener\">bumping<\/a>&nbsp;the degenerator dependency to version 3.0.1. 
The core fix went into degenerator itself and implements a stronger&nbsp;<a href=\"https:\/\/github.com\/TooTallNate\/node-degenerator\/commit\/852043f9621f098ccf3a577a1d9a2ed0de20f402#diff-a2a171449d862fe29692ce031981047d7ab755ae7f84c707aef80701b3ea0c80R6\" target=\"_blank\" rel=\"noopener\">sandboxing mechanism<\/a>&nbsp;via the vm2 module to &#8220;prevent privilege escalation of untrusted code.&#8221;<\/p>\n<p>Perry thanked Snyk for supporting the developer throughout the coordinated vulnerability disclosure process.<\/p>\n<p>Affected developers should upgrade to pac-resolver version 5.0.0 or above to fix this severe vulnerability in their applications.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32614\/NPM-Package-With-3-Million-Weekly-Downloads-Had-A-Severe-Vuln.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":42650,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[256],"class_list":["post-42649","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackerflaw"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>NPM Package With 3 Million Weekly Downloads Had A Severe Vuln 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NPM Package With 3 Million Weekly Downloads Had A Severe Vuln 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-02T15:05:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"534\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"NPM Package With 3 Million Weekly Downloads Had A Severe Vuln\",\"datePublished\":\"2021-09-02T15:05:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/\"},\"wordCount\":849,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln.jpg\",\"keywords\":[\"headline,hacker,flaw\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/\",\"name\":\"NPM Package With 3 Million Weekly Downloads Had A Severe Vuln 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln.jpg\",\"datePublished\":\"2021-09-02T15:05:17+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln.jpg\",\"width\":800,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,flaw\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerflaw\/\"
},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"NPM Package With 3 Million Weekly Downloads Had A Severe Vuln\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsH
ub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NPM Package With 3 Million Weekly Downloads Had A Severe Vuln 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/","og_locale":"en_US","og_type":"article","og_title":"NPM Package With 3 Million Weekly Downloads Had A Severe Vuln 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-09-02T15:05:17+00:00","og_image":[{"width":800,"height":534,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"NPM Package With 3 Million Weekly Downloads Had A Severe Vuln","datePublished":"2021-09-02T15:05:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/"},"wordCount":849,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln.jpg","keywords":["headline,hacker,flaw"],"articleSection":["Packet 
Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/","url":"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/","name":"NPM Package With 3 Million Weekly Downloads Had A Severe Vuln 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln.jpg","datePublished":"2021-09-02T15:05:17+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/09\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln.jpg","width":800,"height":534},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/npm-package-with-3-million-weekly-downloads-had-a-severe-vuln\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,flaw","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerflaw\/"},{"@type":"ListItem","position":3,"name":"NPM Package With 3 Million Weekly Downloads Had A Severe Vuln"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat 
- Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42649","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=42649"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42649\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/42650"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=42649"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=42649"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=42649"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}