Open cheesestringer opened 4 years ago
Both packages claim to be based on the same source code. I have not checked the module code yet, though, so the npm entries could be incorrect.
Any thoughts on that? I'll see about checking the actual installed module when I get a chance.
Yeah, it's a bit confusing. Last updated in 2015, phantomjs-cheniu is a fork of Medium's phantomjs-prebuilt.
The npm advisory doesn't mention anything about versions, just that migrating off the fork is best.
OSSIndex marks phantomjs-prebuilt@2.1.16 with a vulnerability, but the npm advisory links to phantomjs-cheniu.
https://ossindex.sonatype.org/component/pkg:npm/phantomjs-prebuilt@2.1.16
https://www.npmjs.com/advisories/262