Name of the Vulnerable Software and Affected Versions npm-registry-fetch (affected versions not specified)

Description The issue concerns an information exposure through log files. The npm-registry-fetch cli supports URLs with a specific format, including protocol, user, password, hostname, port, and path. However, the password value is not properly redacted and is printed to both stdout and any generated log files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.