GHSA-jmqm-f2gx-4fjv

Описание

Affected versions of npm-registry-fetch are vulnerable to an information exposure vulnerability through log files. The cli supports URLs like <protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>. The password value is not redacted and is printed to stdout and also to any generated log files.