Closed Miosame closed 4 years ago
It was fixed here https://github.com/DylanPiercey/local-devices/pull/16. Not sure why npm is not updated the reflect.
Odd, it still gives the high alert when installing the package too, linking to it, maybe some additional process is necessary to flag it as fixed? never managed such cases yet.
I have contacted the npm security team and they have now marked it as resolved, closing this issue.
re: https://www.npmjs.com/advisories/1020 How exactly would that be abusable? the IPs that get passed to the package are pulled from the network devices available on the host, I miss to see where user command input is possible?