Open Tzahile opened 4 years ago
Hello. For a few months I have been getting this warning whenever using npm in my projects involving vue-plotly:
```
found X vulnerabilities (Y low, Z moderate) in 38272 scanned packages
  X vulnerabilities require manual review. See the full report for details.
```
(x is the number of total vulnerabilities). After npm audit, I got the following list:
npm audit
```
npm audit security report

Manual Review
Some vulnerabilities require your attention to resolve

Moderate        Sandbox Breakout / Arbitrary Code Execution
Package         static-eval
Patched in      >=2.0.0
Dependency of   vue-plotly
Path            vue-plotly > plotly.js > gl-plot2d > gl-select-static > cwise > static-module > static-eval
More info       https://npmjs.com/advisories/548

Moderate        Sandbox Breakout / Arbitrary Code Execution
Package         static-eval
Patched in      >=2.0.0
Dependency of   vue-plotly
Path            vue-plotly > plotly.js > gl-plot3d > gl-select-static > cwise > static-module > static-eval
More info       https://npmjs.com/advisories/548

Moderate        Sandbox Breakout / Arbitrary Code Execution
Package         static-eval
Patched in      >=2.0.0
Dependency of   vue-plotly
Path            vue-plotly > plotly.js > ndarray-fill > cwise > static-module > static-eval
More info       https://npmjs.com/advisories/548

Moderate        Sandbox Breakout / Arbitrary Code Execution
Package         static-eval
Patched in      >=2.0.0
Dependency of   vue-plotly
Path            vue-plotly > plotly.js > ndarray-homography > ndarray-warp > cwise > static-module > static-eval
More info       https://npmjs.com/advisories/548

Moderate        Sandbox Breakout / Arbitrary Code Execution
Package         static-eval
Patched in      >=2.0.2
Dependency of   vue-plotly
Path            vue-plotly > plotly.js > gl-plot2d > gl-select-static > cwise > static-module > static-eval
More info       https://npmjs.com/advisories/758

Moderate        Sandbox Breakout / Arbitrary Code Execution
Package         static-eval
Patched in      >=2.0.2
Dependency of   vue-plotly
Path            vue-plotly > plotly.js > gl-plot3d > gl-select-static > cwise > static-module > static-eval
More info       https://npmjs.com/advisories/758

Moderate        Sandbox Breakout / Arbitrary Code Execution
Package         static-eval
Patched in      >=2.0.2
Dependency of   vue-plotly
Path            vue-plotly > plotly.js > ndarray-fill > cwise > static-module > static-eval
More info       https://npmjs.com/advisories/758

Moderate        Sandbox Breakout / Arbitrary Code Execution
Package         static-eval
Patched in      >=2.0.2
Dependency of   vue-plotly
Path            vue-plotly > plotly.js > ndarray-homography > ndarray-warp > cwise > static-module > static-eval
More info       https://npmjs.com/advisories/758

Low             Prototype Pollution
Package         minimist
Patched in      >=0.2.1 <1.0.0 || >=1.2.3
Dependency of   vue-plotly
Path            vue-plotly > plotly.js > gl-plot2d > gl-select-static > cwise > static-module > quote-stream > minimist
More info       https://npmjs.com/advisories/1179

Low             Prototype Pollution
Package         minimist
Patched in      >=0.2.1 <1.0.0 || >=1.2.3
Dependency of   vue-plotly
Path            vue-plotly > plotly.js > gl-plot3d > gl-select-static > cwise > static-module > quote-stream > minimist
More info       https://npmjs.com/advisories/1179

Low             Prototype Pollution
Package         minimist
Patched in      >=0.2.1 <1.0.0 || >=1.2.3
Dependency of   vue-plotly
Path            vue-plotly > plotly.js > ndarray-fill > cwise > static-module > quote-stream > minimist
More info       https://npmjs.com/advisories/1179

Low             Prototype Pollution
Package         minimist
Patched in      >=0.2.1 <1.0.0 || >=1.2.3
Dependency of   vue-plotly
Path            vue-plotly > plotly.js > ndarray-homography > ndarray-warp > cwise > static-module > quote-stream > minimist
More info       https://npmjs.com/advisories/1179
```