In file lib/index.js the following use of eval is dangerous
var requiredModules = eval('(' + requires[i]).requires;
A malicious package may place a require clause that would lead to code execution. Either validate all inputs passed to eval using a regex or use a more advanced sanitization library like:
https://github.com/cristianstaicu/eval-sanitizer
In file lib/index.js the following use of eval is dangerous
A malicious package may place a require clause that would lead to code execution. Either validate all inputs passed to eval using a regex or use a more advanced sanitization library like: https://github.com/cristianstaicu/eval-sanitizer