-
## Motivation ("The Why")
When comparing CI logs, it would be very helpful to see the npm version that was used with `npm install`, `npm run build`, or really any npm command.
### Example
Th…
-
**Summary**
[Snyk](https://snyk.io/) has found the following issues:
```
Issues to fix by upgrading:
Upgrade configstore@3.1.2 to configstore@5.0.0 to fix
✗ Prototype Pollution [Mediu…
-
I use react@17.0.2, react-helmet@6.1.0, windows@10 And when I try to install react-helmet from npm many issues happen, And when I run (npm audit fix --force)
It doesnot work with my meta component an…
-
Hi ,
We migrated to pnpm from yarn package manager. At the last moment we stuck with SCA Agent scanning which supports only yarn.lock /package-lock and not pnpm-lock.yaml file.
We liked pnpm and…
-
## 📝 Provide detailed reproduction steps (if any)
1. `git clone -b stable https://github.com/ckeditor/ckeditor5.git`
2. `npm install`
### ✔️ Expected result
install all dependencies
### ❌…
-
There are a number of deps that need to be updated to ensure the optimization of the performance of Datapolis. Currently, known deps that need to be updated are Tailwind and Typescript. Specifically o…
-
- [X] I'd be willing to implement this feature ([contributing guide](https://yarnpkg.com/advanced/contributing))
- [X] This feature is important to have in this repository; a contrib plugin would…
-
-
# nth-check 1.0.2 JavaScript (Yarn)
Incorrect Comparison
Description
nth-check is vulnerable to Inefficient Regular Expression Complexity
Severity:
High
Tool: Dependency Scannin…
-
A lot of dependencies used by `@uxpin/merge-cli` are either deprecated, out-of-date or considered as vulnerable.
It leads to a lot of warning messages when installing the tool on a computer.
Th…