npm · npm CLI · CVE-2020-15095
**Name of the Vulnerable Software and Affected Versions**
npm CLI versions prior to 6.14.6
**Description**
This is an information exposure vulnerability through log files. The npm CLI accepts URLs of the form `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value in such a URL is not redacted: it is printed to stdout and also written to any generated log files. This could potentially expose sensitive information.
**Recommendations**
For versions prior to 6.14.6, update to version 6.14.6 or later to resolve the issue. As a temporary workaround, consider restricting access to log files to minimize the risk of information exposure. Avoid including the `<password>` component in URLs until the issue is resolved.
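
To check whether logs written before the upgrade already contain such URLs, the following added example (not code from npm or from this advisory) scans log text for the `<user>:<password>@` form given in the description and reports each hit with the password masked. The function names and the sample log lines are constructed for illustration.

```javascript
// Matches <protocol>://<user>:<password>@<hostname> inside free text.
// Groups: 1 = protocol with "://", 2 = user, 3 = password, 4 = hostname.
const CRED_URL = /([a-z][a-z0-9+.-]*:\/\/)([^\s\/:@]+):([^\s\/@]+)@([^\s\/:@]+)/gi;

// Return one finding per credential-bearing URL. The password itself is
// never copied into the finding, so the report can be shared safely.
function scanLog(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    // matchAll works on a clone of the regex, so lastIndex state is not shared.
    for (const m of line.matchAll(CRED_URL)) {
      findings.push({
        line: i + 1,
        user: m[2],
        host: m[4],
        redacted: `${m[1]}${m[2]}:***@${m[4]}`,
      });
    }
  });
  return findings;
}

// Produce a copy of the log with every embedded password masked,
// leaving port and path untouched.
function redactLog(text) {
  return text.replace(CRED_URL, '$1$2:***@$4');
}

// Constructed sample input (hosts, users and passwords are made up).
const SAMPLE_LOG = [
  'verbose cli install started',
  'error fetch failed for example-pkg@git+https://builder:s3cr3t-constructed@git.example.test/team/example-pkg.git',
  'http fetch GET 200 https://registry.npmjs.org/left-pad',
  'verbose stack Error: clone failed https://deploy:hunter2@git.example.test:8443/x.git',
].join('\n');

console.log(scanLog(SAMPLE_LOG));
```

Any password the scan finds should be treated as exposed and rotated; masking the log afterwards does not undo earlier reads of the file.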