All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.
[
{
"product": "lsof",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
]