GitbookIO / gitbook-cli

GitBook's command line interface
717 stars 212 forks

Security vulnerabilities found in gitbook-cli 2.3.2 #87

Open jennyhliu opened 6 years ago

jennyhliu commented 6 years ago

Our application uses gitbook-cli 2.3.2; the following security vulnerabilities are reported by npm audit. The npm version used is 6.4.1.

=== npm audit security report ===

Manual Review: Some vulnerabilities require your attention to resolve. Visit https://go.npm.me/audit-guide for additional guidance.

(All entries: Dependency of gitbook-cli [dev].)

| Severity | Issue | Package | Patched in | Path | More info |
|---|---|---|---|---|---|
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npm > node-gyp > request > hawk > boom > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npm > node-gyp > request > hawk > cryptiles > boom > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npm > node-gyp > request > hawk > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npm > node-gyp > request > hawk > sntp > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npm > npm-registry-client > request > hawk > boom > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npm > npm-registry-client > request > hawk > cryptiles > boom > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npm > npm-registry-client > request > hawk > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npm > npm-registry-client > request > hawk > sntp > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npm > request > hawk > boom > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npm > request > hawk > cryptiles > boom > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npm > request > hawk > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npm > request > hawk > sntp > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npmi > npm > node-gyp > request > hawk > boom > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npmi > npm > node-gyp > request > hawk > cryptiles > boom > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npmi > npm > node-gyp > request > hawk > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npmi > npm > node-gyp > request > hawk > sntp > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npmi > npm > npm-registry-client > request > hawk > boom > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npmi > npm > npm-registry-client > request > hawk > cryptiles > boom > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npmi > npm > npm-registry-client > request > hawk > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npmi > npm > npm-registry-client > request > hawk > sntp > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npmi > npm > request > hawk > boom > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npmi > npm > request > hawk > cryptiles > boom > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npmi > npm > request > hawk > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | Prototype pollution | hoek | > 4.2.0 < 5.0.0 \|\| >= 5.0.3 | gitbook-cli > npmi > npm > request > hawk > sntp > hoek | https://nodesecurity.io/advisories/566 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > fs-vacuum > rimraf > glob > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > fstream > rimraf > glob > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > fstream-npm > fstream-ignore > fstream > rimraf > glob > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > fstream-npm > fstream-ignore > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > glob > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > init-package-json > glob > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > init-package-json > read-package-json > glob > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > node-gyp > fstream > rimraf > glob > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > node-gyp > glob > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > node-gyp > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > node-gyp > rimraf > glob > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > node-gyp > tar > fstream > rimraf > glob > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > read-installed > read-package-json > glob > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > read-package-json > glob > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > rimraf > glob > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| Moderate | ReDoS | brace-expansion | >=1.1.7 | gitbook-cli > npmi > npm > tar > fstream > rimraf > glob > minimatch > brace-expansion | https://nodesecurity.io/advisories/338 |
| High | Regular Expression Denial of Service | sshpk | >=1.14.1 | gitbook-cli > npm > node-gyp > request > http-signature > sshpk | https://nodesecurity.io/advisories/606 |
| High | Regular Expression Denial of Service | sshpk | >=1.14.1 | gitbook-cli > npm > npm-registry-client > request > http-signature > sshpk | https://nodesecurity.io/advisories/606 |
| High | Regular Expression Denial of Service | sshpk | >=1.14.1 | gitbook-cli > npm > request > http-signature > sshpk | https://nodesecurity.io/advisories/606 |
| High | Regular Expression Denial of Service | sshpk | >=1.14.1 | gitbook-cli > npmi > npm > node-gyp > request > http-signature > sshpk | https://nodesecurity.io/advisories/606 |
| High | Regular Expression Denial of Service | sshpk | >=1.14.1 | gitbook-cli > npmi > npm > npm-registry-client > request > http-signature > sshpk | https://nodesecurity.io/advisories/606 |
| High | Regular Expression Denial of Service | sshpk | >=1.14.1 | gitbook-cli > npmi > npm > request > http-signature > sshpk | https://nodesecurity.io/advisories/606 |
| High | Regular Expression Denial of Service | tough-cookie | >=2.3.3 | gitbook-cli > npm > node-gyp > request > tough-cookie | https://nodesecurity.io/advisories/525 |
| High | Regular Expression Denial of Service | tough-cookie | >=2.3.3 | gitbook-cli > npm > npm-registry-client > request > tough-cookie | https://nodesecurity.io/advisories/525 |
| High | Regular Expression Denial of Service | tough-cookie | >=2.3.3 | gitbook-cli > npm > request > tough-cookie | https://nodesecurity.io/advisories/525 |
| High | Regular Expression Denial of Service | tough-cookie | >=2.3.3 | gitbook-cli > npmi > npm > node-gyp > request > tough-cookie | https://nodesecurity.io/advisories/525 |
| High | Regular Expression Denial of Service | tough-cookie | >=2.3.3 | gitbook-cli > npmi > npm > npm-registry-client > request > tough-cookie | https://nodesecurity.io/advisories/525 |
| High | Regular Expression Denial of Service | tough-cookie | >=2.3.3 | gitbook-cli > npmi > npm > request > tough-cookie | https://nodesecurity.io/advisories/525 |
| Moderate | Regular Expression Denial of Service | ssri | >=5.2.2 | gitbook-cli > npm > cacache > ssri | https://nodesecurity.io/advisories/565 |
| Moderate | Regular Expression Denial of Service | ssri | >=5.2.2 | gitbook-cli > npm > npm-registry-client > ssri | https://nodesecurity.io/advisories/565 |
| Moderate | Regular Expression Denial of Service | ssri | >=5.2.2 | gitbook-cli > npm > pacote > cacache > ssri | https://nodesecurity.io/advisories/565 |
| Moderate | Regular Expression Denial of Service | ssri | >=5.2.2 | gitbook-cli > npm > pacote > make-fetch-happen > cacache > ssri | https://nodesecurity.io/advisories/565 |
| Moderate | Regular Expression Denial of Service | ssri | >=5.2.2 | gitbook-cli > npm > pacote > make-fetch-happen > ssri | https://nodesecurity.io/advisories/565 |
| Moderate | Regular Expression Denial of Service | ssri | >=5.2.2 | gitbook-cli > npm > pacote > ssri | https://nodesecurity.io/advisories/565 |
| Moderate | Regular Expression Denial of Service | ssri | >=5.2.2 | gitbook-cli > npm > ssri | https://nodesecurity.io/advisories/565 |
| Moderate | Out-of-bounds Read | stringstream | >=0.0.6 | gitbook-cli > npm > node-gyp > request > stringstream | https://nodesecurity.io/advisories/664 |
| Moderate | Out-of-bounds Read | stringstream | >=0.0.6 | gitbook-cli > npm > npm-registry-client > request > stringstream | https://nodesecurity.io/advisories/664 |
| Moderate | Out-of-bounds Read | stringstream | >=0.0.6 | gitbook-cli > npm > request > stringstream | https://nodesecurity.io/advisories/664 |
| Moderate | Out-of-bounds Read | stringstream | >=0.0.6 | gitbook-cli > npmi > npm > node-gyp > request > stringstream | https://nodesecurity.io/advisories/664 |
| Moderate | Out-of-bounds Read | stringstream | >=0.0.6 | gitbook-cli > npmi > npm > npm-registry-client > request > stringstream | https://nodesecurity.io/advisories/664 |
| Moderate | Out-of-bounds Read | stringstream | >=0.0.6 | gitbook-cli > npmi > npm > request > stringstream | https://nodesecurity.io/advisories/664 |
| Moderate | Memory Exposure | tunnel-agent | >=0.6.0 | gitbook-cli > npmi > npm > node-gyp > request > tunnel-agent | https://nodesecurity.io/advisories/598 |
| Moderate | Memory Exposure | tunnel-agent | >=0.6.0 | gitbook-cli > npmi > npm > npm-registry-client > request > tunnel-agent | https://nodesecurity.io/advisories/598 |
| Moderate | Memory Exposure | tunnel-agent | >=0.6.0 | gitbook-cli > npmi > npm > request > tunnel-agent | https://nodesecurity.io/advisories/598 |
| High | Denial of Service | https-proxy-agent | >=2.2.0 | gitbook-cli > npm > pacote > make-fetch-happen > https-proxy-agent | https://nodesecurity.io/advisories/593 |
| High | Denial of Service | http-proxy-agent | >=2.1.0 | gitbook-cli > npm > pacote > make-fetch-happen > http-proxy-agent | https://nodesecurity.io/advisories/607 |
| Low | Regular Expression Denial of Service | debug | >= 2.6.9 < 3.0.0 \|\| >= 3.1.0 | gitbook-cli > npm > pacote > make-fetch-happen > http-proxy-agent > debug | https://nodesecurity.io/advisories/534 |
| Low | Regular Expression Denial of Service | debug | >= 2.6.9 < 3.0.0 \|\| >= 3.1.0 | gitbook-cli > npm > pacote > make-fetch-happen > https-proxy-agent > debug | https://nodesecurity.io/advisories/534 |
| Low | Prototype Pollution | deep-extend | >=0.5.1 | gitbook-cli > npm > update-notifier > latest-version > package-json > registry-auth-token > rc > deep-extend | https://nodesecurity.io/advisories/612 |
| Low | Prototype Pollution | deep-extend | >=0.5.1 | gitbook-cli > npm > update-notifier > latest-version > package-json > registry-url > rc > deep-extend | https://nodesecurity.io/advisories/612 |
| Low | Prototype Pollution | lodash | >=4.17.5 | gitbook-cli > lodash | https://nodesecurity.io/advisories/577 |

found 76 vulnerabilities (5 low, 57 moderate, 14 high) in 9050 scanned packages
76 vulnerabilities require manual review. See the full report for details.

edm00se commented 6 years ago

I can confirm these security vulnerabilities with any npm version that performs the npm audit task with the latest version of gitbook-cli, 2.3.2.

I recorded an asciicast of:

[asciicast thumbnail]

The thumbnail currently appears broken, here's the direct link: https://asciinema.org/a/203750

palmerabollo commented 5 years ago

There are some PRs #83 #86 #88 that might help but gitbook-cli seems to be abandoned since 2017... @AaronO could you please confirm whether this project is still under active development and accepting contributions?

jraff commented 5 years ago

@AaronO Is there any update on this? Has gitbook-cli been abandoned?

DamienOReilly commented 5 years ago

Is this project abandoned @AaronO ?