Cx65afcea4-5e85 @ Npm-event-pubsub-5.0.3

**Checkmarx \(SCA\):** Vulnerable Package
**Vulnerability:** [Read More ](https://devhub.checkmarx.com/cve-details/Cx65afcea4-5e85) about Cx65afcea4-5e85
**Applications:** [yael's application](https://deu.ast.checkmarx.net/applicationsAndProjects/applications?app=8af7454f-f6db-425f-a9a1-fb019c2f2cc7) 
**Checkmarx Project:** [Yoavast/CX\-AST](https://deu.ast.checkmarx.net/projects/41a8cb3d-c55b-472e-9595-36746c7958b7/overview?branch=main)
**Repository URL:** [https://github.com/Yoavast/CX\-AST](https://github.com/Yoavast/CX-AST)
**Branch:** main
**Severity:** MEDIUM
**State:** TO_VERIFY
**Status:** RECURRENT
**Scan ID:** [b70b7227\-90db\-4075\-88cb\-4c196077be97](https://deu.ast.checkmarx.net/projects/41a8cb3d-c55b-472e-9595-36746c7958b7/scans?id=b70b7227-90db-4075-88cb-4c196077be97&branch=main)


----
The Contributor of this package, npm user [riaevangelist](https://www.npmjs.com/~riaevangelist), previously seen corrupting one of his popular package [node-ipc](https://checkmarx.com/blog/protestware-politics-and-open-source-software/) infected with a malicious payload. [Read more](https://checkmarx.com/blog/protestware-politics-and-open-source-software/)
### About

We recommend freezing this package's version in your manifest file or consider finding an alternative to this package.

Relying on code from an unreliable contributors could damage the integrity of the code built depends on it. There is a risk this package may be corrupted as well in future versions.





----
**Additional Info**


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cx65afcea4-5e85 @ Npm-event-pubsub-5.0.3 #76

About

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Cx65afcea4-5e85 @ Npm-event-pubsub-5.0.3 #76

Description

About

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions