EPSS
Percentile
53.8%
cross-env.js is a malicious typo-squatter package. The package uses a similar name to the original library so that developers may mistake it for the real one but have malicious actions under the hood such as stealing environment variables.
nodesecurity.io/advisories/520