Serious security vulnerability found

[ashishbijlani]

Hello!

I'm a Cybersecurity researcher developing Packj [1]. Our tool has detected a supply-chain vulnerability in this repository. In order for me to disclose it, kindly enable GitHub Private vulnerability reporting, which allows security researchers to responsibly disclose a security vulnerability.

Thanks!

Packj detects malicious/"risky" NPM/PyPI/Ruby dependencies: https://github.com/ossillate-inc/packj