Publicly accessible NPM Log file

There is a publicly accessible NPM Log file.

  • npm
  • logs
  • exposure

The Node Package Manager (NPM) is a package management utility used to install, uninstall, and manage libraries and dependencies on the Node.js platform.


An attacker may be able to retrieve sensitive information about the application and its development environment, such as the version, dependency tree, environment variables, and other sensitive details that may help in an advanced targeted attack.


Restrict access to the NPM Log file with proper security controls.
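
One way to check this before a deploy, as an added example that is not part of the original page: a shell gate that fails when an npm log file sits inside a directory the web server will serve. The function names and the sample tree are hypothetical and constructed; the file name patterns assume npm's usual conventions (`npm-debug.log` in the project directory for older npm, `*-debug*.log` under a `_logs` directory for newer npm).

```shell
#!/bin/sh
# Added example: pre-deploy check for npm log files inside a served directory.
# Assumption: logs follow npm's naming conventions (npm-debug.log, _logs/*-debug*.log).

# Print every npm log file found under the directory given as $1, one per line.
find_npm_logs() {
    find "$1" -type f \( -name 'npm-debug.log*' -o -path '*/_logs/*-debug*.log' \) \
        2>/dev/null | sort
}

# Return 0 when the tree is clean, 1 when a log would be published,
# 2 when the argument is not a directory.
check_webroot() {
    if [ ! -d "$1" ]; then
        printf 'not a directory: %s\n' "$1" >&2
        return 2
    fi
    logs=$(find_npm_logs "$1")
    if [ -n "$logs" ]; then
        printf 'npm log inside served directory:\n%s\n' "$logs" >&2
        return 1
    fi
    return 0
}

# Constructed sample tree (not real data): a web root holding two npm logs
# and one ordinary asset. Prints the path of the web root.
make_sample_webroot() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/public/.npm/_logs" "$d/public/js"
    : > "$d/public/npm-debug.log"
    : > "$d/public/.npm/_logs/2024-01-01T00_00_00_000Z-debug-0.log"
    : > "$d/public/js/app.js"
    printf '%s\n' "$d/public"
}

# When run with a directory argument, act as a deploy gate.
if [ "$#" -gt 0 ]; then
    check_webroot "$1" || exit 1
fi
```

Run it with the served directory as its only argument; a non-zero exit means a log file has to be moved out of that directory or blocked at the web server before release.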

