Global node_modules Binary Overwrite
bin-links
Versions of bin-links prior to 1.1.6 are vulnerable to a Global node_modules Binary Overwrite. The package fails to prevent globally-installed binaries from being overwritten by other package installs. For example, if a package was installed globally and created a `serve` binary, any subsequent install of a package that also creates a `serve` binary would overwrite the first binary. This behavior is still allowed in local installations.
Upgrade to version 1.1.6 or later.
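The overwrite described above, modelled in plain JavaScript as an added example (not bin-links' own code). The bin directory is a Map, both manifests are constructed, and the `guard` option is a hypothetical ownership check standing in for the fix.

```javascript
// Normalise the package.json "bin" field: a string means one command named
// after the package (scope stripped); an object maps command name -> script.
function binEntries(manifest) {
  const { name, bin } = manifest;
  if (!bin) return {};
  if (typeof bin === 'string') return { [name.replace(/^@[^/]+\//, '')]: bin };
  return { ...bin };
}

// Model of linking commands into a bin directory. binDir is a Map of
// command -> { owner, target } standing in for the real directory.
// opts.guard is a hypothetical ownership check, not bin-links' code.
function linkBins(binDir, manifest, opts) {
  const entries = Object.entries(binEntries(manifest));
  const conflicts = entries
    .filter(([cmd]) => binDir.has(cmd) && binDir.get(cmd).owner !== manifest.name)
    .map(([cmd]) => ({ cmd, previousOwner: binDir.get(cmd).owner }));
  // Check every command before writing any, so a refusal leaves nothing half-linked.
  if (conflicts.length > 0 && opts.global && opts.guard) {
    const err = new Error(`refusing to overwrite: ${conflicts.map((c) => c.cmd).join(', ')}`);
    err.code = 'EEXIST';
    throw err;
  }
  for (const [cmd, script] of entries) {
    binDir.set(cmd, { owner: manifest.name, target: `${manifest.name}/${script}` });
  }
  return conflicts;
}

// Constructed manifests: both packages declare a `serve` command.
const first = { name: 'serve', bin: 'bin/serve.js' };
const second = { name: '@example/dev-tools', bin: { lint: 'lint.js', serve: 'cli.js' } };

// Install `first`, then `second`, globally; report who owns `serve` afterwards.
function demo(guard) {
  const binDir = new Map();
  linkBins(binDir, first, { global: true, guard });
  let overwritten = [], error = null;
  try {
    overwritten = linkBins(binDir, second, { global: true, guard });
  } catch (err) {
    error = err.code;
  }
  return { owner: binDir.get('serve').owner, linked: [...binDir.keys()], overwritten, error };
}

console.log(demo(false)); // owner: '@example/dev-tools', one overwrite recorded
console.log(demo(true));  // owner: 'serve', error: 'EEXIST', lint not linked
```

With `global: false` the same call replaces the command even when `guard` is set, matching the advisory's note that local installations still allow the overwrite.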
Advisory published: Dec 12th, 2019
Reported by Daniel Ruf: Dec 11th, 2019