MarkForged / nps

NPM Package Scripts -- All the benefits of npm scripts without the cost of a bloated package.json and limits of json
MIT License

Some dependency packages on nps-utils contain vulnerabilities #12

Open jgomesmv opened 1 year ago

jgomesmv commented 1 year ago

The command executed:

npm install

The output:

trim-newlines  <3.0.1
Severity: high
Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
fix available via `npm audit fix --force`
Will install nps-utils@1.0.2, which is a breaking change
node_modules/trim-newlines
  meow  3.4.0 - 5.0.0
  Depends on vulnerable versions of trim-newlines
  node_modules/meow
    cpy  4.0.0 - 4.0.1
    Depends on vulnerable versions of meow
    node_modules/cpy
      cpy-cli  <=3.1.0
      Depends on vulnerable versions of meow
      node_modules/cpy-cli
        nps-utils  >=1.1.0
        Depends on vulnerable versions of cpy-cli
        node_modules/nps-utils

Problem description: After running npm install, some dependency packages contain vulnerabilities.

Suggested solution: Update the vulnerable packages to the latest version.
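
Added example, not part of the original issue or of the nps project: in the report above, cpy-cli is nested under cpy, yet its own line says it depends on vulnerable versions of meow, so the nesting alone does not show which package pulls in which. This Node.js sketch parses the quoted report and follows the "Depends on vulnerable versions of" lines from nps-utils down to trim-newlines; the function names `parseAuditReport` and `pathToRoot` are hypothetical.

```javascript
// REPORT is the audit text quoted in the issue; function names are hypothetical.
const REPORT = `
trim-newlines  <3.0.1
Severity: high
Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
fix available via \`npm audit fix --force\`
Will install nps-utils@1.0.2, which is a breaking change
node_modules/trim-newlines
  meow  3.4.0 - 5.0.0
  Depends on vulnerable versions of trim-newlines
  node_modules/meow
    cpy  4.0.0 - 4.0.1
    Depends on vulnerable versions of meow
    node_modules/cpy
      cpy-cli  <=3.1.0
      Depends on vulnerable versions of meow
      node_modules/cpy-cli
        nps-utils  >=1.1.0
        Depends on vulnerable versions of cpy-cli
        node_modules/nps-utils
`;

function parseAuditReport(text) {
  const pkgs = new Map(); // name -> { range, dependsOn, severity, advisory }
  let current = null, m;
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    // A package entry is "<name><two spaces><affected version range>".
    if ((m = /^(\S+) {2}(\S.*)$/.exec(line))) {
      pkgs.set(m[1], (current = { range: m[2], dependsOn: [] }));
    } else if (current && (m = /^Depends on vulnerable versions of (\S+)$/.exec(line))) {
      current.dependsOn.push(m[1]);
    } else if (current && (m = /^Severity: (\w+)$/.exec(line))) {
      current.severity = m[1];
    } else if (current && (m = /https:\/\/github\.com\/advisories\/GHSA-[\w-]+/.exec(line))) {
      current.advisory = m[0];
    }
  }
  return pkgs;
}

// Follow "Depends on" edges from a package to the one the advisory is filed against.
function pathToRoot(pkgs, name, seen = new Set()) {
  if (seen.has(name) || !pkgs.has(name)) return [];
  seen.add(name);
  const [next] = pkgs.get(name).dependsOn;
  return [name, ...(next ? pathToRoot(pkgs, next, seen) : [])];
}
console.log(pathToRoot(parseAuditReport(REPORT), 'nps-utils').join(' -> '));
```

The printed path goes through cpy-cli and meow and does not include cpy, which the report lists as a separate dependent of meow.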