Skip to content

Commit

Permalink
Merge pull request #107952 from justinsteven/bugfix/fix_CVE-2020-16881_…
Browse files Browse the repository at this point in the history 
…bypass

Fix a bypass for CVE-2020-16881
  • Loading branch information
@aeschli
aeschli authored Oct 2, 2020
2 parents 247e5dc + 7c91cee commit a914a30
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions extensions/npm/src/features/packageJSONContribution.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -282,8 +282,8 @@ export class PackageJSONContribution implements IJSONContribution {

private npmView(pack: string): Promise<ViewPackageInfo | undefined> {
return new Promise((resolve, _reject) => {
const command = 'npm view --json ' + pack + ' description dist-tags.latest homepage version';
cp.exec(command, (error, stdout) => {
const args = ['view', '--json', pack, 'description', 'dist-tags.latest', 'homepage', 'version'];
cp.execFile('npm', args, (error, stdout) => {
if (!error) {
try {
const content = JSON.parse(stdout);
Expand Down

0 comments on commit a914a30

Please sign in to comment.