{"id":2424389,"name":"sync-exec","ecosystem":"npm","description":"Synchronous exec with status code support. Requires no external dependencies, no need for node-gyp compilations etc.","homepage":"https://github.com/gvarsanyi/sync-exec","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/gvarsanyi/sync-exec","keywords_array":["exec","execSync","fs","sync","synchronous","status code","status"],"namespace":null,"versions_count":8,"first_release_published_at":"2014-03-24T21:38:35.397Z","latest_release_published_at":"2015-08-24T16:52:25.770Z","latest_release_number":"0.6.2","last_synced_at":"2026-04-25T10:02:11.429Z","created_at":"2022-04-10T01:35:38.315Z","updated_at":"2026-04-25T10:02:11.430Z","registry_url":"https://www.npmjs.com/package/sync-exec","install_command":"npm install sync-exec","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"latest":"0.6.2"}},"repo_metadata":{"id":15347112,"uuid":"18077839","full_name":"gvarsanyi/sync-exec","owner":"gvarsanyi","description":"node/npm module to imitate fs.execSync","archived":false,"fork":false,"pushed_at":"2020-08-25T10:47:55.000Z","size":323,"stargazers_count":39,"open_issues_count":5,"forks_count":13,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-04-25T21:44:52.839Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"CoffeeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gvarsanyi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-03-24T20:36:06.000Z","updated_at":"2024-01-24T08:59:38.000Z","dependencies_parsed_at":"2022-09-01T00:22:19.786Z","dependency_job_id":null,"html_url":"https://github.com/gvarsanyi/sync-exec","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gvarsanyi%2Fsync-exec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gvarsanyi%2Fsync-exec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gvarsanyi%2Fsync-exec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gvarsanyi%2Fsync-exec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gvarsanyi","download_url":"https://codeload.github.com/gvarsanyi/sync-exec/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":217590368,"owners_count":16201362,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"gvarsanyi","name":null,"uuid":"2838355","kind":"user","description":null,"email":"","website":null,"location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/2838355?v=4","repositories_count":27,"last_synced_at":"2024-04-14T07:01:29.709Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/gvarsanyi","funding_links":[],"total_stars":45,"followers":1,"following":1,"created_at":"2022-11-02T16:33:05.755Z","updated_at":"2024-04-14T07:01:39.911Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gvarsanyi","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gvarsanyi/repositories"},"tags":[{"name":"0.6.1","sha":"637985e46964ba51f778ca072adc9d037d9e400c","kind":"commit","published_at":"2015-07-21T16:36:05.000Z","download_url":"https://codeload.github.com/gvarsanyi/sync-exec/tar.gz/0.6.1","html_url":"https://github.com/gvarsanyi/sync-exec/releases/tag/0.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gvarsanyi%2Fsync-exec/tags/0.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gvarsanyi%2Fsync-exec/tags/0.6.1/manifests"},{"name":"0.6.0","sha":"e7f340d6f36996c261aa4ce73d1468d6f6c78be1","kind":"commit","published_at":"2015-07-20T18:39:26.000Z","download_url":"https://codeload.github.com/gvarsanyi/sync-exec/tar.gz/0.6.0","html_url":"https://github.com/gvarsanyi/sync-exec/releases/tag/0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gvarsanyi%2Fsync-exec/tags/0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gvarsanyi%2Fsync-exec/tags/0.6.0/manifests"}]},"repo_metadata_updated_at":"2024-08-31T12:48:39.315Z","dependent_packages_count":447,"downloads":612080,"downloads_period":"last-month","dependent_repos_count":13442,"rankings":{"downloads":0.5475876762636316,"dependent_repos_count":0.2234307981273303,"dependent_packages_count":0.1262930671974433,"stargazers_count":6.5832406720508345,"forks_count":5.738059284288817,"docker_downloads_count":0.5539513890835692,"average":2.295427147835271},"purl":"pkg:npm/sync-exec","advisories":[{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4aDgteDY5Ny1naDhx","url":"https://github.com/advisories/GHSA-38h8-x697-gh8q","title":"Tmp files readable by other users in sync-exec","description":"Affected versions of `sync-exec` use files located in `/tmp/` to buffer command results before returning values. As `/tmp/` is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via `sync-exec` under a higher privilege user.\n\n\n## Recommendation\n\nThere is currently no direct patch for `sync-exec`, as the `child_process.execSync` function provided in Node.js v0.12.0 and later provides the same functionality natively. \n\nThe best mitigation currently is to update to Node.js v0.12.0 or later, and migrate all uses of `sync-exec` to `child_process.execSync()`.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2018-11-09T17:45:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-16024","https://github.com/gvarsanyi/sync-exec/issues/17","https://cwe.mitre.org/data/definitions/377.html","https://github.com/advisories/GHSA-38h8-x697-gh8q","https://www.npmjs.com/advisories/310","https://www.owasp.org/index.php/Insecure_Temporary_File"],"source_kind":"github","identifiers":["GHSA-38h8-x697-gh8q","CVE-2017-16024"],"repository_url":"https://github.com/gvarsanyi/sync-exec","blast_radius":0.0,"created_at":"2022-12-21T16:13:21.345Z","updated_at":"2026-04-05T20:08:02.325Z","epss_percentage":0.00369,"epss_percentile":0.58524,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4aDgteDY5Ny1naDhx","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4aDgteDY5Ny1naDhx","packages":[{"ecosystem":"npm","package_name":"sync-exec","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 0.6.2"}],"purl":"pkg:npm/sync-exec"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4aDgteDY5Ny1naDhx/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/sync-exec","docker_dependents_count":55,"docker_downloads_count":199023,"usage_url":"https://repos.ecosyste.ms/usage/npm/sync-exec","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/sync-exec/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2024-08-31T12:48:32.466Z","issues_count":9,"pull_requests_count":11,"avg_time_to_close_issue":535367.1666666666,"avg_time_to_close_pull_request":3590193.75,"issues_closed_count":6,"pull_requests_closed_count":8,"pull_request_authors_count":10,"issue_authors_count":8,"avg_comments_per_issue":1.222222222222222,"avg_comments_per_pull_request":0.45454545454545453,"merged_pull_requests_count":7,"bot_issues_count":0,"bot_pull_requests_count":0,"past_year_issues_count":0,"past_year_pull_requests_count":1,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":null,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":0,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":0,"past_year_avg_comments_per_issue":null,"past_year_avg_comments_per_pull_request":0.0,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/gvarsanyi%2Fsync-exec/issues","maintainers":[],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/sync-exec/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/sync-exec/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/sync-exec/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/sync-exec/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/sync-exec/codemeta","maintainers":[{"uuid":"gvarsanyi","login":"gvarsanyi","name":null,"email":"gvarsanyi@gmail.com","url":null,"packages_count":23,"html_url":"https://www.npmjs.com/~gvarsanyi","role":null,"created_at":"2022-11-10T22:49:47.648Z","updated_at":"2022-11-10T22:49:47.648Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/gvarsanyi/packages"}]}