Affected versions of this package are vulnerable to Arbitrary File Write.
It fails to prevent access to folders outside of the intended
node_modules folder through the bin field.
npm, a properly constructed entry in the
package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user’s system when the package is installed. This behaviour is possible through install scripts. This vulnerability bypasses a user using the
--ignore-scripts install option.
npm to version 6.13.3 or higher.