Publicly accessible NPM Log file
There is a publicly accessible NPM Log file.
- npm
- logs
- exposure
The Node Package Manager (NPM) is a package management utility used to install, uninstall, and manage libraries and dependencies for the Node.js platform.
Impact
An attacker may be able to retrieve sensitive information about the application and its development environment, such as versions, the dependency tree, environment variables, and other details that may help in an advanced targeted attack.
Solution
Restrict access to the NPM Log file with proper security controls.
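As an added example (not code from the original page), the detection logic for this finding run over constructed web-server access-log lines: it flags requests for npm's log file under its conventional names, which are assumed here to be `npm-debug.log` in the project directory or `<timestamp>-debug.log` under `.npm/_logs/`, and reports a 200 response as a confirmed exposure.

```python
"""Flag requests for npm log files in web-server access logs.

Added example, not part of the original page. Assumes npm's log is served
under its conventional names (npm-debug.log, or <timestamp>-debug.log inside
.npm/_logs/). The sample log lines are constructed for this example.
"""
import re
from dataclasses import dataclass

# Common/combined log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Paths that look like an npm log file, matched case-insensitively.
NPM_LOG_RE = re.compile(
    r'(^|/)(npm-debug\.log|\.npm/_logs/[^/]+-debug(-\d+)?\.log)$', re.I
)


@dataclass
class Finding:
    client: str
    path: str
    status: int
    exposed: bool  # True when the server returned the file (HTTP 200)


def classify(line):
    """Return a Finding if the line requests an npm log file, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]  # ignore the query string
    if not NPM_LOG_RE.search(path):
        return None
    status = int(m.group("status"))
    return Finding(m.group("client"), path, status, status == 200)


def scan(lines):
    """All npm-log requests seen in the given lines, exposed or not."""
    return [f for f in map(classify, lines) if f is not None]


def exposed_clients(lines):
    """Clients that actually received an npm log file."""
    return {f.client for f in scan(lines) if f.exposed}


SAMPLE_LOG = [  # constructed sample lines
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /npm-debug.log HTTP/1.1" 200 5123',
    '10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "GET /.npm/_logs/2023-10-10T13_55_36_123Z-debug-0.log HTTP/1.1" 404 153',
    '10.0.0.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '10.0.0.9 - - [10/Oct/2023:13:57:12 +0000] "GET /assets/NPM-DEBUG.LOG?x=1 HTTP/1.1" 403 12',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.client} {f.path} {f.status} {'EXPOSED' if f.exposed else 'blocked'}")
```

A 403 or 404 for these paths still shows someone probing for the file; only a 200 means the log was actually served and the Solution above has not been applied.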