The package allows arbitrary code execution via importScripts and eval, posing a significant security risk if an attacker controls the f argument.
No verification record available.
The package contains code that uses fs.readFileSync and eval within the importScripts function. This allows arbitrary code execution from a file specified by the f argument. If an attacker can control the value of f, they can execute malicious code. This constitutes a significant security risk.
