Affected versions of npm-registry-fetch are vulnerable to an information exposure vulnerability through log files.
The cli supports URLs like <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>. The password value is not redacted and is printed to stdout and also to any generated log files.
Affected versions of
npm-registry-fetchare vulnerable to an information exposure vulnerability through log files. The cli supports URLs like<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>. The password value is not redacted and is printed to stdout and also to any generated log files.