Description
The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information. Source IP process.versions process.platform How the module was invoked (test, require, pre-install)
Remediation
References
https://nodesecurity.io/advisories/483
Related Vulnerabilities
CVE-2017-7663 Vulnerability in maven package org.apache.openmeetings:openmeetings-core
CVE-2020-25640 Vulnerability in maven package org.jboss.genericjms:generic-jms-ra-jar
CVE-2020-7763 Vulnerability in npm package phantom-html-to-pdf
CVE-2016-8739 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-extension-providers
CVE-2019-9737 Vulnerability in maven package org.webjars.npm:editor.md