GoogleChromeLabs / ndb

ndb is an improved debugging experience for Node.js, enabled by Chrome DevTools
Apache License 2.0

dot-prop vulnerability alert when installing ndb #317

Open ghost opened 4 years ago

ghost commented 4 years ago

Steps to reproduce

Tell us about your environment:

What steps will reproduce the problem?

Please include code that reproduces the issue.

  1. `npm install ndb --save-dev`

        found 1 high severity vulnerability
        run `npm audit fix` to fix them, or `npm audit` for details

  2. `npm audit fix`

        fixed 0 of 1 vulnerability in 144 scanned packages
        1 vulnerability required manual review and could not be updated

  3. `npm audit`

        High            Prototype Pollution
        Package         dot-prop
        Patched in      >=5.1.1
        Dependency of   ndb [dev]
        Path            ndb > update-notifier > configstore > dot-prop
        More info       https://npmjs.com/advisories/1213

What is the expected result? Ndb would install without a problem.

What happens instead? I got a scary looking vulnerability alert by npm.

I wanted to know if there was a patch for the vulnerability or if it was just overlooked somehow. I would also like to know what workarounds I can use at the current time.
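To see exactly where a vulnerable transitive dependency sits in a project (the "Path" line that `npm audit` prints above) and whether it is only reachable through a devDependency, a lockfile walk is enough. The following is an added example, not code from ndb or npm; the package-lock fragment, the installed versions (including dot-prop 4.2.0) and the `findVulnerable` / `compareVersions` helpers are constructed for this demonstration, while the patched version 5.1.1 comes from the advisory output in the report.

```javascript
// Added example (not ndb's or npm's code): walk a package-lock.json v1-style tree and
// report every copy of a package below the patched version, with the dependency path.
const PATCHED_DOT_PROP = '5.1.1'; // "Patched in >=5.1.1" from the npm audit output above

// Constructed lockfile fragment mirroring the path ndb > update-notifier > configstore > dot-prop.
// All versions here are assumptions for the demo; the issue does not state them.
const lock = {
  name: 'my-app',
  dependencies: {
    ndb: {
      version: '1.1.5',
      dev: true, // npm marks devDependency subtrees as "[dev]" in its report
      dependencies: {
        'update-notifier': {
          version: '4.0.0',
          dependencies: {
            configstore: {
              version: '5.0.1',
              dependencies: { 'dot-prop': { version: '4.2.0' } },
            },
          },
        },
      },
    },
  },
};

// Compare two dotted numeric versions (x.y.z); returns <0, 0 or >0 like a comparator.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Recursively collect every install of `name` whose version is below `patched`,
// recording the path and whether it is reached only through a dev dependency.
function findVulnerable(tree, name, patched, path = [], dev = false, out = []) {
  for (const [dep, info] of Object.entries(tree.dependencies || {})) {
    const here = path.concat(dep);
    const isDev = dev || info.dev === true;
    if (dep === name && compareVersions(info.version, patched) < 0) {
      out.push({ path: here.join(' > '), version: info.version, dev: isDev });
    }
    findVulnerable(info, name, patched, here, isDev, out);
  }
  return out;
}

console.log(findVulnerable(lock, 'dot-prop', PATCHED_DOT_PROP));
// prints one finding: path "ndb > update-notifier > configstore > dot-prop", version "4.2.0", dev: true
```

Run against a real `package-lock.json` by replacing the constructed `lock` object with `JSON.parse(fs.readFileSync('package-lock.json'))`; a finding with `dev: true` means the vulnerable code is never shipped to production, which is useful context when deciding whether to wait for an upstream fix.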

thinh105 commented 4 years ago

Please fix that.