Note: Vulnerabilities in npm packages should be reported directly to the package maintainers. We strongly advise doing this privately. You can find contact information about package maintainers with
npm owner ls <package-name>. If the source code is hosted on GitHub please refer to the repository's Security Policy.
Malware is a major concern for npm Security and we have removed hundreds of malicious packages from the registry. For every malware report we receive, npm Security takes the following actions:
As part of our process we determine whether the user account who uploaded the package should be banned. We also cooperate with 3rd parties when applicable.
© npm, Inc. and Contributors
Licensed under the npm License.
npm is a trademark of npm, Inc.