Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potentially Dangerous PATH Variables C:\ProgramData\npm\npm : builtin\users #79

Open
vinaykasireddy opened this issue Apr 11, 2023 · 1 comment
Open

Potentially Dangerous PATH Variables C:\ProgramData\npm\npm : builtin\users #79

vinaykasireddy opened this issue Apr 11, 2023 · 1 comment

Comments

@vinaykasireddy
Copy link

Description

Potentially Dangerous PATH Variables "C:\ProgramData\npm\npm : builtin\users" is reported.

Steps to Reproduce

We have followed all the instructions as mentioned in the below link. As part of this we have also run "npm run configure" command and running this has created "C:\ProgramData\npm" in the environment variables "Path". However this seems to have reported as a vulnerability when the run the scan in EC2 servers. My organisation is asking if we can remove this setting or to put provide a remediation. Please advise.

https://github.com/jessety/pm2-installer

image

Environment

Windows Server 2016
Node JS 16.13.1 (Windows)
[email protected]
[email protected]
@xinthose
Copy link

Why would that be a vulnerability? The path has to be permanent and accessible by the system account.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vinaykasireddy @xinthose