The package get-npm-package-version before 1.0.7 are vulnerable to Command Injection via main function in index.js.
