or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

docs

index.md
tile.json

tessl/npm-child_process

Security holding package maintained by npm security team to prevent malicious use of the child_process namespace

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
npmpkg:npm/child_process@1.0.x

To install, run

npx @tessl/cli install tessl/npm-child_process@1.0.0

index.mddocs/

child_process (Security Holding Package)

IMPORTANT SECURITY NOTICE: This is a security holding package maintained by the npm security team. The original child_process package version 1.0.2 contained malicious code and was removed from the registry. This placeholder prevents future malicious packages from claiming the same namespace.

Package Information

  • Package Name: child_process
  • Package Type: npm (Security Holding Package)
  • Language: JavaScript (Node.js)
  • Installation: npm install child_process (NOT RECOMMENDED - see below)
  • Repository: npm/security-holder
  • Maintained by: npm Security Team

Security Warning

This package should NOT be installed or used in production applications. It serves only as a security placeholder to prevent malicious actors from publishing packages under the child_process name.

Recommended Alternative

If you need child process functionality in Node.js, use the built-in child_process module instead:

// Use Node.js built-in module (recommended)
const { spawn, exec, execFile, fork } = require('child_process');

// Or with ES modules
import { spawn, exec, execFile, fork } from 'child_process';

Package Contents

This security holding package contains only:

  • package.json: Minimal metadata with security version identifier
  • README.md: Security notice explaining the package removal

No Functional API

This package intentionally provides no functional exports, classes, or methods. Any attempt to import or require functionality will result in an error, as this behavior is by design to prevent accidental usage.

// This package exports nothing intentionally
// All imports will fail or return undefined

Security History

  • Original Package: child_process@1.0.2 contained malicious code
  • Action Taken: Package removed from npm registry by security team
  • Current Status: Replaced with this security holding package
  • Purpose: Prevent namespace typosquatting and malicious redistribution

Capabilities

Security Protection

This package provides namespace protection for the npm ecosystem by preventing malicious actors from claiming the child_process package name.

// No functional API - security placeholder only
// Package intentionally provides no exports

Developer Warning

When developers attempt to install this package, they receive clear warnings about the security history and are directed to use Node.js built-in alternatives.

Error Handling

Any attempt to use this package as if it were functional will result in:

  • Import/require errors
  • Undefined or null exports
  • Runtime errors if code expects functional methods

This is intentional behavior to prevent accidental usage of the security placeholder.

Types

// No type definitions - package provides no functional types
// This is a security placeholder with no API surface

Installation Guidance

DO NOT INSTALL this package. If you see this package in your dependencies:

  1. Remove it immediately: npm uninstall child_process
  2. Use Node.js built-in child_process module instead
  3. Review your code for any references to the npm child_process package
  4. Update imports to use the built-in Node.js module

Security Best Practices

When working with child processes in Node.js:

  1. Always use the built-in child_process module
  2. Validate and sanitize all input to child processes
  3. Use execFile or spawn instead of exec when possible
  4. Implement proper error handling and timeouts
  5. Run child processes with minimal privileges

For more information about secure child process usage, refer to the Node.js child_process documentation.