CVE-2020-7678

This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval� function located in line 79 in the index file "index.js".

Source: CVE-2020-7678