npm packages that overlap with core node packages
High
Vulnerability Details
Hi,
I have [posted here](https://github.com/npm/registry/issues/306), but I wanted to make you aware of this easy social engineering trick. I do not want to claim any of these are currently malicious, but it they easily could be.
Thanks,
Marc
## Impact
The attacker could do anything...use the postinstall as the user, work the same as steal data, etc.
Actions
View on HackerOneReport Stats
- Report ID: 333459
- State: Closed
- Substate: informative