I then ran most of the npm install and npm update commands it suggested.
The offending package 'hoek' is no longer included in the package-lock.json file at all.
There are still many 'low severity' issues remaining, but I'm unable to fix them as I started getting this error: Your configured registry (https://registry.npmjs.org/) does not support audit requests.
This should remove the big scary warning though.
For context for anyone happening by: the vulnerability was in a dep of the coveralls package, which runs and generates a coverage report here: https://coveralls.io/github/ConsenSys/Tokens?branch=coverage_test. This does not present a vector for maliciously modifying the contract code, or the test suites themselves.
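One way to check the two claims in the comment above (that a package is gone from package-lock.json, and that it was only reachable through a dev dependency), as an added example that is not part of the original comment or the repository. It assumes the npm lockfile v1 layout (`dependencies` entries with `requires` and `dev`); `tracePackage` and `flatten` are hypothetical helper names, and the manifest, lockfile, versions and dependency chain are constructed sample data.

```javascript
// Added example: trace which direct dependencies pull a named package into an
// npm v1 lockfile. Manifest and lockfile are constructed, not the repo's files.
const manifest = {
  dependencies: { "left-pad": "^1.3.0" },
  devDependencies: { coveralls: "^3.0.0" },
};
const lock = {
  dependencies: {
    "left-pad": { version: "1.3.0" },
    coveralls: { version: "3.0.0", dev: true, requires: { request: "^2.79.0" } },
    request: { version: "2.79.0", dev: true, requires: { hawk: "~3.1.3" } },
    hawk: { version: "3.1.3", dev: true, requires: { hoek: "2.x.x" } },
    hoek: { version: "2.16.3", dev: true },
  },
};

// Flatten nested "dependencies" blocks into name -> [entries]; versions are
// ignored when matching, which over-reports rather than under-reports.
function flatten(deps, out = new Map()) {
  for (const [name, entry] of Object.entries(deps || {})) {
    if (!out.has(name)) out.set(name, []);
    out.get(name).push(entry);
    flatten(entry.dependencies, out);
  }
  return out;
}

// Walk "requires" edges backwards from target to the manifest's direct deps.
function tracePackage(manifest, lock, target) {
  const index = flatten(lock.dependencies);
  if (!index.has(target)) return { present: false, devOnly: null, roots: [] };
  const parents = new Map(); // child name -> Set of parent names
  for (const [name, entries] of index)
    for (const e of entries)
      for (const child of Object.keys(e.requires || {})) {
        if (!parents.has(child)) parents.set(child, new Set());
        parents.get(child).add(name);
      }
  const direct = new Set(Object.keys({ ...manifest.dependencies, ...manifest.devDependencies }));
  const seen = new Set([target]), queue = [target], roots = [];
  while (queue.length) {
    const name = queue.shift();
    if (direct.has(name)) roots.push(name);
    for (const p of parents.get(name) || [])
      if (!seen.has(p)) { seen.add(p); queue.push(p); }
  }
  const devOnly = index.get(target).every((e) => e.dev === true);
  return { present: true, devOnly, roots: roots.sort() };
}
```

On real files, pass the parsed package.json and package-lock.json objects in place of the constructed `manifest` and `lock`.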