openssl for NPM is vulnerable to Command Injection. The vulnerability is due to the library accepting an opts
argument that includes a field which gets passed to the exec
function, resulting in arbitrary command injection. This package can be considered malicious, especially since the wrapper is described as having no real purpose.