GET

Package Instance

Lookup for vulnerable packages by Package URL.

GET /api/packages/56088?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/56088?format=api",
    "purl": "pkg:npm/eslint-scope@3.7.2",
    "type": "npm",
    "namespace": "",
    "name": "eslint-scope",
    "version": "3.7.2",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "3.7.3",
    "latest_non_vulnerable_version": "3.7.3",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40082?format=api",
            "vulnerability_id": "VCID-h8h4-ckbc-dba7",
            "summary": "Malicious Package\nof `eslint-scope` was published without authorization and was found to contain malicious code. This code would read the users `.npmrc` file and send any found authentication tokens to 2 remote servers. The best course of action if you found this package installed in your environment is to revoke all your npm tokens. You can find instructions on how to do that here. https://docs.npmjs.com/getting-started/working_with_tokens#how-to-revoke-tokens",
            "references": [
                {
                    "reference_url": "https://eslint.org/blog/2018/07/postmortem-for-malicious-package-publishes",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://eslint.org/blog/2018/07/postmortem-for-malicious-package-publishes"
                },
                {
                    "reference_url": "https://github.com/eslint/eslint-scope/issues/39",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/eslint/eslint-scope/issues/39"
                },
                {
                    "reference_url": "https://snyk.io/vuln/SNYK-JS-ESLINTSCOPE-11120",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://snyk.io/vuln/SNYK-JS-ESLINTSCOPE-11120"
                },
                {
                    "reference_url": "https://www.npmjs.com/advisories/673",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.npmjs.com/advisories/673"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hxxf-q3w9-4xgw",
                    "reference_id": "GHSA-hxxf-q3w9-4xgw",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-hxxf-q3w9-4xgw"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56089?format=api",
                    "purl": "pkg:npm/eslint-scope@3.7.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/eslint-scope@3.7.3"
                }
            ],
            "aliases": [
                "GHSA-hxxf-q3w9-4xgw",
                "GMS-2018-33",
                "GMS-2018-34"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8h4-ckbc-dba7"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/eslint-scope@3.7.2"
}