Malicious Package

Overview engine.io-client-v3 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

1tp (>=0.0.1 <=0.11.2), 5aces-service-registry (=1.0.1) +498 more potentially affected by CVE-2016-10536 via engine.io-client (>=0.1.0 <=1.6.8)

engine.io-client NPM version =0.1.0, =0.0.1, =1.0.1, =0.12.0-edge9, =0.0.1, =1.8.4, =1.0.0, =1.0.30, =0.1.0, =2.0.0-beta.1, =3.6.0, =3.7.0 and more Source cves: CVE-2016-10536 Source advisory: OSV:GHSA-4R4M-HJWJ-43P8...