Spectra Assure
Community
Docs
failIncident: Malware
Scanned: about 1 month ago

chokidar

malicious
Top 1k
A neat wrapper around node.js fs.watch / fs.watchFile / fsevents.
License: Permissive (MIT)
Published: over 6 years ago
See on npm

SAFE Assessment

Compliance

Licenses
No license compliance issues
Secrets
No sensitive information found

Security

Vulnerabilities
2 severe vulnerabilities exploited
Hardening
No application hardening issues

Threats

Tampering
No evidence of software tampering
Malware
1 malicious dependencies found

INCIDENTS:

malware
7 months agoReported By: ReversingLabs (Automated)
Learn more about malware detection
List of known vulnerabilities affecting the software package and the components it embeds. Last refreshed on: 2025/09/23
All detected vulnerabilities are fixable
Run the update/upgrade command in your package manager to resolve the detected vulnerabilities
CVSS Score
CVE
Name
Tags
critical
9.8
CVE-2023-45311
Exploits Exist
Fix Available
Vulnerability Triaged
high
7.5
CVE-2020-28469
Exploits Exist
Fix Available
high
7.5
CVE-2024-4068
Exploits Exist
Fix Available

Did you know...

... that you can use ReversingLabs’ Spectra Assure platform to perform regular risk assessments of packages you develop in-house?

We recommend continuous software safeness monitoring through CI/CD integrations and pre-release/deployment checks. In addition to basic package information found on this page our platform offers rich reports for developers and DevSecOps that help them remediate all reported issues.