$ mkdir /tmp/test && cd "$_"
$ npm i --save-dev browser-sync@3.0.2
$ npm audit
# npm audit report
send <0.19.0
Severity: moderate
send vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
fix available via `npm audit fix --force`
Will install browser-sync@2.26.2, which is a breaking change
node_modules/send
browser-sync >=2.12.1
Depends on vulnerable versions of send
Depends on vulnerable versions of serve-static
node_modules/browser-sync
serve-static <=1.16.0
Depends on vulnerable versions of send
node_modules/serve-static
3 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force