Severity: low

    Symlink reference outside of node_modules



    Versions of bin-links prior to 1.1.5 are vulnerable to a Symlink reference outside of node_modules. It is possible to create symlinks to files outside of thenode_modules folder through the bin field. This may allow attackers to access unauthorized files.


    Upgrade to version 1.1.5 or later.

    Have content suggestions? Visit

    Advisory timeline

    1. published

      Advisory Published
      Dec 12th, 2019
    2. reported

      Reported by Daniel Ruf
      Dec 11th, 2019