DylanPiercey / local-devices

🔮 Find devices connected to the current local network.
MIT License

(High) Advisories/1020 #23

Closed Miosame closed 4 years ago

Miosame commented 4 years ago

Re: https://www.npmjs.com/advisories/1020 How exactly would that be abusable? The IPs that get passed to the package are pulled from the network devices available on the host; I fail to see where user command input is possible.

DylanPiercey commented 4 years ago

It was fixed here: https://github.com/DylanPiercey/local-devices/pull/16. Not sure why npm is not updated to reflect that.

Miosame commented 4 years ago

Odd, it still gives the high alert when installing the package too, linking to it. Maybe some additional process is necessary to flag it as fixed? Never managed such cases yet.

Miosame commented 4 years ago

I have contacted the npm security team and they have now marked it as resolved, closing this issue.