-
### PURL of wrongly matched component
pkg:npm/lodash@4.17.21
### Depscan findings
Receiving {"id": "CVE-2019-1010266", "package": "npm:lodash", "purl": "pkg:npm/lodash@4.17.21", "package_type": "np…
-
### Prerequisites
- [X] I have searched the existing issues
- [X] I understand that providing a [SSCCE](http://sscce.org/) example is tremendously useful to the maintainers.
- [X] I have read the [do…
-
https://es-toolkit.slash.page
-
Several of the visx package import all of lodash just to use 1 or 2 functions. Would you accept a patch to switch to individual packages in order to reduce the bundle size?
-
## problem
```js
// utils.js
export * from "lodash-es" // lodash has a template export
export { template } from "./foo"
```
in index.js
```js
import { template } from "./utils.js"
```
e…
-
npm audit is reporting a high severity vulnerability (Prototype Pollution) in lodash.pick@4.4.0, which appears to be a false positive or misclassification. The vulnerability seems to be related to the…
-
我还得额外安装一个lodash
-
When using an empty examples {} the `convertV2` fails.
```yaml
openapi: 3.0.1
info:
title: Test
version: 1.0.0
description: Test
servers:
- url: https://example.de/test
security:
…
-
The status of the Lodash library is questionable. Many of its functions can be safely replaced with native JS. This blog post has some tips: https://thejs.dev/jmitchell/its-time-to-let-go-of-lodash-nq…
-
**Problem**
I'm investigating my current project to minimize the bundle size and how much data used for people to load, the only library I have in package that uses ALL lodash library as a package is…