aurbano / robinhood-node

:chart_with_upwards_trend: NodeJS client for Robinhood Trading :fire:
https://aurbano.github.io/robinhood-node
MIT License
694 stars 185 forks

Security #116

Open TyeS2K opened 3 years ago

TyeS2K commented 3 years ago

I downloaded the latest version 1.7.0 and noticed there were 75 vulnerabilities in this project. 27 of them were HIGH. Given the nature of this library and the potential to expose someone's financial information I wanted to mention this. I will also review the use of lodash, should, uuid, and request to make sure they are malicious.

By removing the following dev dependencies they seem to be resolved:

npm uninstall ava
npm uninstall coveralls
npm uninstall nyc
npm uninstall standard-version

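
Before uninstalling anything, a check worth running is whether each finding is reachable from a runtime dependency (and so ships to every consumer of the library) or only from the dev dependencies listed above. The following Python is an added example, not part of the issue or of robinhood-node; it assumes the npm 7+ `npm audit --json` report shape and uses constructed package.json and audit data (the `transitive-*` names are placeholders) in place of the project's real output:

```python
# Constructed sample data, not the real audit output of robinhood-node. The
# shape follows `npm audit --json` (npm 7+): every package on the path from an
# advisory up to a direct dependency gets an entry, linked by `via` (what it is
# vulnerable through) and `effects` (what depends on it).
PACKAGE_JSON = {
    "dependencies": {"lodash": "^4.17.0", "request": "^2.88.0", "uuid": "^3.0.0"},
    "devDependencies": {"ava": "^1.0.0", "coveralls": "^3.0.0", "nyc": "^13.0.0",
                        "should": "^13.0.0", "standard-version": "^4.0.0"},
}
ADVISORY = {"title": "constructed advisory", "severity": "high"}
AUDIT_JSON = {"auditReportVersion": 2, "vulnerabilities": {
    "transitive-a": {"severity": "high", "isDirect": False, "effects": ["nyc"], "via": [ADVISORY]},
    "nyc": {"severity": "high", "isDirect": True, "effects": [], "via": ["transitive-a"]},
    "transitive-b": {"severity": "high", "isDirect": False, "effects": ["request"], "via": [ADVISORY]},
    "request": {"severity": "high", "isDirect": True, "effects": [], "via": ["transitive-b"]},
}}


def direct_roots(name, vulns, seen=None):
    """Walk `effects` upward; return the direct dependencies `name` is reachable from."""
    seen = set() if seen is None else seen
    if name in seen or name not in vulns:
        return set()
    seen.add(name)
    roots = {name} if vulns[name].get("isDirect") else set()
    for parent in vulns[name].get("effects", []):
        roots |= direct_roots(parent, vulns, seen)
    return roots


def classify_audit(audit, package_json):
    """Tag each package carrying an advisory as 'production' (reachable from a
    runtime dependency, so it ships to every consumer of the library), 'dev-only'
    (reachable only from devDependencies) or 'unknown'."""
    prod = set(package_json.get("dependencies", {}))
    dev = set(package_json.get("devDependencies", {}))
    vulns = audit["vulnerabilities"]
    report = {}
    for name, entry in vulns.items():
        # Only entries with advisory objects in `via` carry the finding itself;
        # entries whose `via` holds just package names are affected transitively.
        if not any(isinstance(v, dict) for v in entry.get("via", [])):
            continue
        roots = direct_roots(name, vulns)
        exposure = ("production" if roots & prod else
                    "dev-only" if roots and roots <= dev else "unknown")
        report[name] = {"severity": entry["severity"], "roots": sorted(roots),
                        "exposure": exposure}
    return report
```

On the constructed data, `transitive-a` is classified dev-only (reached only via `nyc`) while `transitive-b` is production exposure (reached via `request`), which is the distinction that decides whether removing a dev dependency actually reduces risk for users of the library.
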
aurbano commented 3 years ago

Good points! Feel free to send a PR with all the potential dependency cleanup you find after reviewing :)