-
Currently we only show vulnerabilities for transitive dependencies, but not the path by which we depend on the vulnerable dependency. Considering the lack of a lockfile for these ecosystems, it will be helpful…
cuixq updated
7 hours ago
-
![image](https://user-images.githubusercontent.com/3817644/43558147-8f822126-963a-11e8-93e4-83c7781c2727.png)
-
```
=== npm audit security report ===
# Run npm install eslint@8.2.0 to resolve 2 vulnerabili…
```
-
```
=== npm audit security report ===
# Run npm update ssri --depth 5 to resolve 2 vulnerabil…
```
-
```
# Run `npm install karma@2.0.2` to resolve 13 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────…
```
-
```
# npm audit report
async 2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
Depends on vulnerable versions of lodash
fix available via …
```
-
### Tooling Suggestion Checklist
- [X] I have tried restarting my IDE and the issue persists.
- [X] I have pulled the latest `master` branch of the repository.
- [X] I have read and agree to Mocha's …
-
Steps to reproduce:
install angular-cli
install irc-client
npm audit
Result:
```
=== npm audit security report ===
…
```
-
Hi
I was just installing xml4js, which seems great;
However, npm audit shows a bunch of security-related issues from dependent packages not being up-to-date.
Using xml4js 6.8.0
As this kind of …