Last 12 weeks · 0 commits
4 of 6 standards met
hi, we are a security team. We found a Prototype Pollution vulnerability in your project. Package Name: merge-descriptors Version: Latest version Vulnerability Description merge-descriptors uses Object.getOwnPropertyNames and Object.defineProperty to copy property descriptors. Although it only copies own properties, pollution may still spread if the source object itself is constructed through prototype pollution. Vulnerable Code Location merge-descriptors/index.js: POC Verification
Repository: sindresorhus/merge-descriptors. Description: Merge objects using their property descriptors Stars: 157, Forks: 29. Primary language: JavaScript. Languages: JavaScript (100%). License: MIT. Latest release: v2.0.0 (2y ago). Open PRs: 0, open issues: 0. Last activity: 2y ago. Community health: 85%. Top contributors: dougwilson, sindresorhus, jonathanong, grabbou, PixnBits, nook-scheel.