ORCID / bibtexParseJs

A JavaScript library that parses BibTeX.
MIT License

Publish latest package to NPM #30

Closed robtree closed 3 years ago

robtree commented 3 years ago

https://www.npmjs.com/package/bibtex-parse-js has fallen behind the last three years of work.

Because an old version of ava is still one of the dependencies rather than one of the devDependencies, npm audit is reporting two vulnerabilities when using npm i bibtex-parse-js.

```text
                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance

  Low             Regular Expression Denial of Service
  Package         braces
  Patched in      >=2.3.1
  Dependency of   bibtex-parse-js
  Path            bibtex-parse-js > ava > chokidar > anymatch > micromatch > braces
  More info       https://npmjs.com/advisories/786

  High            Prototype Pollution
  Package         dot-prop
  Patched in      >=4.2.1 <5.0.0 || >=5.1.1
  Dependency of   bibtex-parse-js
  Path            bibtex-parse-js > ava > update-notifier > configstore > dot-prop
  More info       https://npmjs.com/advisories/1213

found 2 vulnerabilities (1 low, 1 high) in 1692 scanned packages
  2 vulnerabilities require manual review
  See the full report for details
```
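As an added illustration of the point raised in this issue (example code, not from the bibtexParseJs project): a small Node script that flags development-only tooling listed under `dependencies`, moves it to `devDependencies`, and checks whether an `npm audit` path like the ones above would still be installed by consumers afterwards. The manifest, the ava version string and the list of dev-only package names are constructed for the example.

```javascript
// Constructed manifest reproducing the mistake described in the issue:
// the test runner "ava" sits in dependencies, so every consumer installs it
// (and its transitive advisories). The version range is invented.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "bibtex-parse-js",
  dependencies: { ava: "^0.25.0" },
  devDependencies: {},
});

// Assumption: an illustrative allow-list of packages that only run at
// development time and never at a consumer's runtime.
const DEV_ONLY = new Set(["ava", "mocha", "jest", "eslint", "nyc"]);

// Return the names under `dependencies` that belong in `devDependencies`.
function findMisplacedDevDeps(manifestText) {
  const pkg = JSON.parse(manifestText);
  return Object.keys(pkg.dependencies || {})
    .filter((name) => DEV_ONLY.has(name))
    .sort();
}

// Produce a corrected manifest object with the misplaced entries moved.
function fixManifest(manifestText) {
  const pkg = JSON.parse(manifestText);
  const deps = { ...(pkg.dependencies || {}) };
  const devDeps = { ...(pkg.devDependencies || {}) };
  for (const name of findMisplacedDevDeps(manifestText)) {
    devDeps[name] = deps[name];
    delete deps[name];
  }
  return { ...pkg, dependencies: deps, devDependencies: devDeps };
}

// Given an audit path ("pkg > direct-dep > ... > vulnerable") and a manifest,
// report whether consumers of the package would still install that chain.
// npm installs a published package's dependencies, not its devDependencies,
// so the chain only reaches consumers if its first hop is a runtime dependency.
function reachesConsumers(auditPath, manifest) {
  const chain = auditPath.split(">").map((s) => s.trim());
  const directDep = chain[1];
  const deps = manifest.dependencies || {};
  return directDep !== undefined &&
    Object.prototype.hasOwnProperty.call(deps, directDep);
}

module.exports = { SAMPLE_PACKAGE_JSON, findMisplacedDevDeps, fixManifest, reachesConsumers };
```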

robtree commented 3 years ago

Might be worth deleting the much older https://www.npmjs.com/package/bibtex-parser-js too.

robtree commented 3 years ago

Believe this has been resolved by https://github.com/ORCID/bibtexParseJs/pull/32/files and the publication of https://www.npmjs.com/package/@orcid/bibtex-parse-js 0.0.25.

wjrsimpson commented 3 years ago

Indeed. Thanks, Rob!