Closed BryanWilhite closed 4 years ago
for angular.io-official: ran npm install --save-dev @angular/cli@1.7.4 to avoid 6.x move:
=== npm audit security report ===
# Run npm install --save-dev @angular/cli@6.2.3 to resolve 4 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > less > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > less > request > hawk > cryptiles > boom >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > less > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > less > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
found 4 moderate severity vulnerabilities in 12897 scanned packages
4 vulnerabilities require semver-major dependency updates.
for angular.io-tour-of-heroes/quickstart:
=== npm audit security report ===
# Run npm install npm@6.4.1 to resolve 20 vulnerabilities
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > boom >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > cryptiles
> boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > sntp >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > cryptiles >
boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
# Run npm install @angular/cli@6.2.3 to resolve 11 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > less > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > less > request > hawk > cryptiles > boom >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > less > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > less > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > node-sass > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > node-sass > request > hawk > cryptiles > boom
> hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > node-sass > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > node-sass > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Memory Exposure
Package tunnel-agent
Dependency of @angular/cli [dev]
Path @angular/cli > node-sass > request > tunnel-agent
More info https://nodesecurity.io/advisories/598
High Open Redirect
Package url-parse
Dependency of @angular/cli [dev]
Path @angular/cli > webpack-dev-server > sockjs-client >
eventsource > original > url-parse
More info https://nodesecurity.io/advisories/678
High Open Redirect
Package url-parse
Dependency of @angular/cli [dev]
Path @angular/cli > webpack-dev-server > sockjs-client >
url-parse
More info https://nodesecurity.io/advisories/678
# Run npm install karma@3.0.0 to resolve 6 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
Moderate Prototype pollution
Package hoek
Dependency of karma
Path karma > log4js > loggly > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of karma
Path karma > log4js > loggly > request > hawk > cryptiles > boom
> hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of karma
Path karma > log4js > loggly > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of karma
Path karma > log4js > loggly > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Memory Exposure
Package tunnel-agent
Dependency of karma [dev]
Path karma > log4js > loggly > request > tunnel-agent
More info https://nodesecurity.io/advisories/598
Low Regular Expression Denial of Service
Package timespan
Dependency of karma [dev]
Path karma > log4js > loggly > timespan
More info https://nodesecurity.io/advisories/533
# Run npm update browser-sync --depth 2 to resolve 2 vulnerabilities
Low Regular Expression Denial of Service
Package debug
Dependency of lite-server [dev]
Path lite-server > browser-sync > localtunnel > debug
More info https://nodesecurity.io/advisories/534
Low Prototype Pollution
Package lodash
Dependency of lite-server [dev]
Path lite-server > browser-sync > easy-extender > lodash
More info https://nodesecurity.io/advisories/577
found 39 vulnerabilities (3 low, 34 moderate, 2 high) in 13756 scanned packages
run `npm audit fix` to fix 22 of them.
17 vulnerabilities require semver-major dependency updates.
for angular.io-tour-of-heroes/quickstart:
=== npm audit security report ===
# Run npm install npm@6.4.1 to resolve 20 vulnerabilities
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > boom >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > cryptiles
> boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > sntp >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > cryptiles >
boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
# Run npm install @angular/cli@6.2.3 to resolve 4 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > less > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > less > request > hawk > cryptiles > boom >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > less > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > less > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
# Run npm update browser-sync --depth 2 to resolve 2 vulnerabilities
Low Regular Expression Denial of Service
Package debug
Dependency of lite-server [dev]
Path lite-server > browser-sync > localtunnel > debug
More info https://nodesecurity.io/advisories/534
Low Prototype Pollution
Package lodash
Dependency of lite-server [dev]
Path lite-server > browser-sync > easy-extender > lodash
More info https://nodesecurity.io/advisories/577
found 26 vulnerabilities (2 low, 24 moderate) in 13367 scanned packages
run `npm audit fix` to fix 22 of them.
4 vulnerabilities require semver-major dependency updates.
for aurelia-official:
=== npm audit security report ===
# Run npm install npm@6.4.1 to resolve 20 vulnerabilities
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > boom >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > cryptiles
> boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > sntp >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > cryptiles >
boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
# Run npm install --save-dev aurelia-cli@0.35.1 to resolve 9 vulnerabilities
Moderate Out-of-bounds Read
Package stringstream
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > libcipm > npm-lifecycle > node-gyp >
request > stringstream
More info https://nodesecurity.io/advisories/664
Moderate Out-of-bounds Read
Package stringstream
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > node-gyp > request > stringstream
More info https://nodesecurity.io/advisories/664
Moderate Out-of-bounds Read
Package stringstream
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > npm-lifecycle > node-gyp > request >
stringstream
More info https://nodesecurity.io/advisories/664
Moderate Out-of-bounds Read
Package stringstream
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > npm-registry-client > request >
stringstream
More info https://nodesecurity.io/advisories/664
Moderate Out-of-bounds Read
Package stringstream
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > request > stringstream
More info https://nodesecurity.io/advisories/664
High Denial of Service
Package http-proxy-agent
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > npm-profile > make-fetch-happen >
http-proxy-agent
More info https://nodesecurity.io/advisories/607
High Denial of Service
Package https-proxy-agent
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > npm-profile > make-fetch-happen >
https-proxy-agent
More info https://nodesecurity.io/advisories/593
Low Prototype Pollution
Package lodash
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > cli-table2 > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > npm-audit-report > cli-table2 > lodash
More info https://nodesecurity.io/advisories/577
# Run npm install karma@3.0.0 to resolve 6 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
Moderate Prototype pollution
Package hoek
Dependency of karma
Path karma > log4js > loggly > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of karma
Path karma > log4js > loggly > request > hawk > cryptiles > boom
> hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of karma
Path karma > log4js > loggly > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of karma
Path karma > log4js > loggly > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Memory Exposure
Package tunnel-agent
Dependency of karma [dev]
Path karma > log4js > loggly > request > tunnel-agent
More info https://nodesecurity.io/advisories/598
Low Regular Expression Denial of Service
Package timespan
Dependency of karma [dev]
Path karma > log4js > loggly > timespan
More info https://nodesecurity.io/advisories/533
# Run npm install --save-dev browser-sync@2.24.7 to resolve 2 vulnerabilities
Low Regular Expression Denial of Service
Package debug
Dependency of browser-sync [dev]
Path browser-sync > localtunnel > debug
More info https://nodesecurity.io/advisories/534
Low Prototype Pollution
Package lodash
Dependency of browser-sync [dev]
Path browser-sync > easy-extender > lodash
More info https://nodesecurity.io/advisories/577
# Run npm update marked --depth 4 to resolve 1 vulnerability
High Regular Expression Denial of Service
Package marked
Dependency of gulp-notify [dev]
Path gulp-notify > node-notifier > cli-usage > marked
More info https://nodesecurity.io/advisories/531
# Run npm update fill-range --depth 7 to resolve 2 vulnerabilities
Low Cryptographically Weak PRNG
Package randomatic
Dependency of gulp-typescript [dev]
Path gulp-typescript > vinyl-fs > glob-stream > micromatch >
braces > expand-range > fill-range > randomatic
More info https://nodesecurity.io/advisories/157
Low Cryptographically Weak PRNG
Package randomatic
Dependency of vinyl-fs [dev]
Path vinyl-fs > glob-stream > micromatch > braces > expand-range
> fill-range > randomatic
More info https://nodesecurity.io/advisories/157
found 40 vulnerabilities (7 low, 30 moderate, 3 high) in 17360 scanned packages
run `npm audit fix` to fix 34 of them.
6 vulnerabilities require semver-major dependency updates.
for aurelia-official:
=== npm audit security report ===
# Run npm install npm@6.4.1 to resolve 20 vulnerabilities
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > request > hawk >
sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > node-gyp > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > boom >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > cryptiles
> boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-lifecycle > node-gyp > request > hawk > sntp >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > cryptiles >
boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > npm-registry-client > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of npm
Path npm > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
# Run npm install --save-dev aurelia-cli@0.35.1 to resolve 9 vulnerabilities
Moderate Out-of-bounds Read
Package stringstream
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > libcipm > npm-lifecycle > node-gyp >
request > stringstream
More info https://nodesecurity.io/advisories/664
Moderate Out-of-bounds Read
Package stringstream
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > node-gyp > request > stringstream
More info https://nodesecurity.io/advisories/664
Moderate Out-of-bounds Read
Package stringstream
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > npm-lifecycle > node-gyp > request >
stringstream
More info https://nodesecurity.io/advisories/664
Moderate Out-of-bounds Read
Package stringstream
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > npm-registry-client > request >
stringstream
More info https://nodesecurity.io/advisories/664
Moderate Out-of-bounds Read
Package stringstream
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > request > stringstream
More info https://nodesecurity.io/advisories/664
High Denial of Service
Package http-proxy-agent
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > npm-profile > make-fetch-happen >
http-proxy-agent
More info https://nodesecurity.io/advisories/607
High Denial of Service
Package https-proxy-agent
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > npm-profile > make-fetch-happen >
https-proxy-agent
More info https://nodesecurity.io/advisories/593
Low Prototype Pollution
Package lodash
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > cli-table2 > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Dependency of aurelia-cli [dev]
Path aurelia-cli > npm > npm-audit-report > cli-table2 > lodash
More info https://nodesecurity.io/advisories/577
# Run npm install @angular/cli@6.2.3 to resolve 4 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > less > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > less > request > hawk > cryptiles > boom >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > less > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli
Path @angular/cli > less > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
# Run npm install --save-dev browser-sync@2.24.7 to resolve 2 vulnerabilities
Low Regular Expression Denial of Service
Package debug
Dependency of browser-sync [dev]
Path browser-sync > localtunnel > debug
More info https://nodesecurity.io/advisories/534
Low Prototype Pollution
Package lodash
Dependency of browser-sync [dev]
Path browser-sync > easy-extender > lodash
More info https://nodesecurity.io/advisories/577
# Run npm update marked --depth 4 to resolve 1 vulnerability
High Regular Expression Denial of Service
Package marked
Dependency of gulp-notify [dev]
Path gulp-notify > node-notifier > cli-usage > marked
More info https://nodesecurity.io/advisories/531
# Run npm update fill-range --depth 7 to resolve 2 vulnerabilities
Low Cryptographically Weak PRNG
Package randomatic
Dependency of gulp-typescript [dev]
Path gulp-typescript > vinyl-fs > glob-stream > micromatch >
braces > expand-range > fill-range > randomatic
More info https://nodesecurity.io/advisories/157
Low Cryptographically Weak PRNG
Package randomatic
Dependency of vinyl-fs [dev]
Path vinyl-fs > glob-stream > micromatch > braces > expand-range
> fill-range > randomatic
More info https://nodesecurity.io/advisories/157
found 38 vulnerabilities (6 low, 29 moderate, 3 high) in 22766 scanned packages
run `npm audit fix` to fix 34 of them.
4 vulnerabilities require semver-major dependency updates.
for aurelia-official, this is not fixing:
# Run npm update marked --depth 4 to resolve 1 vulnerability
High Regular Expression Denial of Service
Package marked
Dependency of gulp-notify [dev]
Path gulp-notify > node-notifier > cli-usage > marked
More info https://nodesecurity.io/advisories/531
for jquery-audio5:
=== npm audit security report ===
# Run npm install --save-dev gulp@4.0.0 to resolve 5 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
High Regular Expression Denial of Service
Package minimatch
Dependency of gulp [dev]
Path gulp > vinyl-fs > glob-stream > glob > minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Dependency of gulp [dev]
Path gulp > vinyl-fs > glob-stream > minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Dependency of gulp [dev]
Path gulp > vinyl-fs > glob-watcher > gaze > globule > glob >
minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Dependency of gulp [dev]
Path gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch
More info https://nodesecurity.io/advisories/118
Low Prototype Pollution
Package lodash
Dependency of gulp [dev]
Path gulp > vinyl-fs > glob-watcher > gaze > globule > lodash
More info https://nodesecurity.io/advisories/577
# Run npm update minimatch --depth 4 to resolve 1 vulnerability
High Regular Expression Denial of Service
Package minimatch
Dependency of vinyl-fs [dev]
Path vinyl-fs > glob-stream > glob > minimatch
More info https://nodesecurity.io/advisories/118
found 6 vulnerabilities (1 low, 5 high) in 1361 scanned packages
run `npm audit fix` to fix 1 of them.
5 vulnerabilities require semver-major dependency updates.
for office-addin-excel/my-add-in-angular:
=== npm audit security report ===
# Run npm install --save-dev @angular/cli@6.2.3 to resolve 20 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > less > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > less > request > hawk > cryptiles > boom >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > less > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > less > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Low Cryptographically Weak PRNG
Package randomatic
Dependency of @angular/cli [dev]
Path @angular/cli > @angular-devkit/core > chokidar > anymatch >
micromatch > braces > expand-range > fill-range > randomatic
More info https://nodesecurity.io/advisories/157
Low Cryptographically Weak PRNG
Package randomatic
Dependency of @angular/cli [dev]
Path @angular/cli > webpack-dev-server > http-proxy-middleware >
micromatch > braces > expand-range > fill-range > randomatic
More info https://nodesecurity.io/advisories/157
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > @angular-devkit/core > chokidar > fsevents >
node-pre-gyp > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > @angular-devkit/core > chokidar > fsevents >
node-pre-gyp > hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > @angular-devkit/core > chokidar > fsevents >
node-pre-gyp > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > @angular-devkit/core > chokidar > fsevents >
node-pre-gyp > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > @angular-devkit/core > chokidar > fsevents >
node-pre-gyp > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > @angular-devkit/core > chokidar > fsevents >
node-pre-gyp > request > hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > @angular-devkit/core > chokidar > fsevents >
node-pre-gyp > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/cli [dev]
Path @angular/cli > @angular-devkit/core > chokidar > fsevents >
node-pre-gyp > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Low Prototype Pollution
Package deep-extend
Dependency of @angular/cli [dev]
Path @angular/cli > @angular-devkit/core > chokidar > fsevents >
node-pre-gyp > rc > deep-extend
More info https://nodesecurity.io/advisories/612
High Regular Expression Denial of Service
Package sshpk
Dependency of @angular/cli [dev]
Path @angular/cli > @angular-devkit/core > chokidar > fsevents >
node-pre-gyp > request > http-signature > sshpk
More info https://nodesecurity.io/advisories/606
Moderate Out-of-bounds Read
Package stringstream
Dependency of @angular/cli [dev]
Path @angular/cli > @angular-devkit/core > chokidar > fsevents >
node-pre-gyp > request > stringstream
More info https://nodesecurity.io/advisories/664
Moderate Out-of-bounds Read
Package stringstream
Dependency of @angular/cli [dev]
Path @angular/cli > less > request > stringstream
More info https://nodesecurity.io/advisories/664
High Regular Expression Denial of Service
Package tough-cookie
Dependency of @angular/cli [dev]
Path @angular/cli > @angular-devkit/core > chokidar > fsevents >
node-pre-gyp > request > tough-cookie
More info https://nodesecurity.io/advisories/525
Low Regular Expression Denial of Service
Package debug
Dependency of @angular/cli [dev]
Path @angular/cli > @angular-devkit/core > chokidar > fsevents >
node-pre-gyp > tar-pack > debug
More info https://nodesecurity.io/advisories/534
# Run npm install --save-dev protractor@5.4.1 to resolve 9 vulnerabilities
High Denial of Service
Package https-proxy-agent
Dependency of protractor [dev]
Path protractor > saucelabs > https-proxy-agent
More info https://nodesecurity.io/advisories/593
High Arbitrary File Write via Archive Extraction
Package adm-zip
Dependency of protractor [dev]
Path protractor > webdriver-js-extender > selenium-webdriver >
adm-zip
More info https://nodesecurity.io/advisories/681
Moderate Prototype pollution
Package hoek
Dependency of protractor [dev]
Path protractor > webdriver-manager > request > hawk > boom >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of protractor [dev]
Path protractor > webdriver-manager > request > hawk > cryptiles
> boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of protractor [dev]
Path protractor > webdriver-manager > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of protractor [dev]
Path protractor > webdriver-manager > request > hawk > sntp >
hoek
More info https://nodesecurity.io/advisories/566
Moderate Out-of-bounds Read
Package stringstream
Dependency of protractor [dev]
Path protractor > webdriver-manager > request > stringstream
More info https://nodesecurity.io/advisories/664
High Arbitrary File Write via Archive Extraction
Package adm-zip
Dependency of protractor [dev]
Path protractor > selenium-webdriver > adm-zip
More info https://nodesecurity.io/advisories/681
High Arbitrary File Write via Archive Extraction
Package adm-zip
Dependency of protractor [dev]
Path protractor > webdriver-manager > adm-zip
More info https://nodesecurity.io/advisories/681
# Run npm update fsevents --depth 3 to resolve 13 vulnerabilities
Moderate Prototype pollution
Package hoek
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > fsevents > node-pre-gyp >
hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > fsevents > node-pre-gyp >
hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > fsevents > node-pre-gyp >
hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > fsevents > node-pre-gyp >
hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > fsevents > node-pre-gyp >
request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > fsevents > node-pre-gyp >
request > hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > fsevents > node-pre-gyp >
request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > fsevents > node-pre-gyp >
request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Low Prototype Pollution
Package deep-extend
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > fsevents > node-pre-gyp >
rc > deep-extend
More info https://nodesecurity.io/advisories/612
High Regular Expression Denial of Service
Package sshpk
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > fsevents > node-pre-gyp >
request > http-signature > sshpk
More info https://nodesecurity.io/advisories/606
Moderate Out-of-bounds Read
Package stringstream
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > fsevents > node-pre-gyp >
request > stringstream
More info https://nodesecurity.io/advisories/664
High Regular Expression Denial of Service
Package tough-cookie
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > fsevents > node-pre-gyp >
request > tough-cookie
More info https://nodesecurity.io/advisories/525
Low Regular Expression Denial of Service
Package debug
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > fsevents > node-pre-gyp >
tar-pack > debug
More info https://nodesecurity.io/advisories/534
# Run npm update fill-range --depth 7 to resolve 1 vulnerability
Low Cryptographically Weak PRNG
Package randomatic
Dependency of @angular/compiler-cli [dev]
Path @angular/compiler-cli > chokidar > anymatch > micromatch >
braces > expand-range > fill-range > randomatic
More info https://nodesecurity.io/advisories/157
found 43 vulnerabilities (7 low, 28 moderate, 8 high) in 8298 scanned packages
run `npm audit fix` to fix 23 of them.
20 vulnerabilities require semver-major dependency updates.
for tiffany-rayside-svg-verlet:
=== npm audit security report ===
# Run npm install --save-dev gulp@4.0.0 to resolve 5 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
High Regular Expression Denial of Service
Package minimatch
Dependency of gulp [dev]
Path gulp > vinyl-fs > glob-stream > glob > minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Dependency of gulp [dev]
Path gulp > vinyl-fs > glob-stream > minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Dependency of gulp [dev]
Path gulp > vinyl-fs > glob-watcher > gaze > globule > glob >
minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Dependency of gulp [dev]
Path gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch
More info https://nodesecurity.io/advisories/118
Low Prototype Pollution
Package lodash
Dependency of gulp [dev]
Path gulp > vinyl-fs > glob-watcher > gaze > globule > lodash
More info https://nodesecurity.io/advisories/577
found 5 vulnerabilities (1 low, 4 high) in 1397 scanned packages
5 vulnerabilities require semver-major dependency updates.
for svg-and-object-element this issue repeats about 20 times and will not go away:
High Regular Expression Denial of Service
Package minimatch
Dependency of svg-to-png [dev]
Path svg-to-png > imagemin > imagemin-jpegtran > jpegtran-bin >
bin-wrapper > download > gulp-decompress > decompress >
vinyl-fs > glob-stream > glob > minimatch
More info https://nodesecurity.io/advisories/118
I am used to npm outdated and npm audit rituals :bulb:
angular.io-official: