awslabs / amplify-video

An open source Category Plugin for the AWS Amplify-CLI that makes it easy to deploy live and file based streaming video services and integrate them into your Amplify applications.
https://www.npmjs.com/package/amplify-category-video
Apache License 2.0
267 stars 56 forks

amplify video add command not found #350

Open kjetilge opened 1 year ago

kjetilge commented 1 year ago

Describe the bug

Running amplify video add results in ⚠️ The Amplify CLI can NOT find command: video add

To Reproduce

Steps to reproduce the behavior:

  1. Install amplify cli: npm install -g @aws-amplify/cli
  2. Install amplify-video plugin: npm i amplify-category-video -g
  3. In an amplify project folder try: amplify video add

Expected behavior

A video resource should be added to the Amplify project

Desktop

Additional context

Installing the plugin looks like this:

npm i amplify-category-video -g

changed 146 packages, and audited 147 packages in 2s

25 packages are looking for funding
  run `npm fund` for details

1 critical severity vulnerability

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

Running npm audit yields:

# npm audit report

@aws-sdk/shared-ini-file-loader  <=1.0.0-rc.8
Severity: high
Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader - https://github.com/advisories/GHSA-rrc9-gqf8-8rwg
fix available via `npm audit fix`
node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-amplify/cache/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/shared-ini-file-loader
  @aws-sdk/credential-provider-ini  <=1.0.0-rc.8
  Depends on vulnerable versions of @aws-sdk/shared-ini-file-loader
  node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/credential-provider-ini
  node_modules/@aws-amplify/cache/node_modules/@aws-sdk/credential-provider-ini
  node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/credential-provider-ini
  node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/credential-provider-ini
  node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/credential-provider-ini
  node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/credential-provider-ini
  @aws-sdk/credential-provider-process  <=1.0.0-rc.8
  Depends on vulnerable versions of @aws-sdk/credential-provider-ini
  Depends on vulnerable versions of @aws-sdk/shared-ini-file-loader
  node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/credential-provider-process
  node_modules/@aws-amplify/cache/node_modules/@aws-sdk/credential-provider-process
  node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/credential-provider-process
  node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/credential-provider-process
  node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/credential-provider-process
  node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/credential-provider-process
    @aws-sdk/credential-provider-node  <=1.0.0-rc.8
    Depends on vulnerable versions of @aws-sdk/credential-provider-ini
    Depends on vulnerable versions of @aws-sdk/credential-provider-process
    node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/credential-provider-node
    node_modules/@aws-amplify/cache/node_modules/@aws-sdk/credential-provider-node
    node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/credential-provider-node
    node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/credential-provider-node
    node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/credential-provider-node
    node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/credential-provider-node
  @aws-sdk/node-config-provider  <=1.0.0-rc.8
  Depends on vulnerable versions of @aws-sdk/shared-ini-file-loader
  node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/node-config-provider
  node_modules/@aws-amplify/cache/node_modules/@aws-sdk/node-config-provider
  node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/node-config-provider
  node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/node-config-provider
  node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/node-config-provider
  node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/node-config-provider
    @aws-sdk/client-cognito-identity  <=1.0.0-rc.8
    Depends on vulnerable versions of @aws-sdk/credential-provider-node
    Depends on vulnerable versions of @aws-sdk/node-config-provider
    node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/client-cognito-identity
    node_modules/@aws-amplify/cache/node_modules/@aws-sdk/client-cognito-identity
      @aws-amplify/core  3.4.7-ui-preview.9 - 3.4.7-unstable.17 || 3.5.2-unstable.1 - 3.8.13
      Depends on vulnerable versions of @aws-sdk/client-cognito-identity
      Depends on vulnerable versions of @aws-sdk/credential-provider-cognito-identity
      node_modules/@aws-amplify/analytics/node_modules/@aws-amplify/core
      node_modules/@aws-amplify/cache/node_modules/@aws-amplify/core
        @aws-amplify/analytics  3.2.8-ui-preview.9 - 3.2.8-unstable.17 || 3.3.2-unstable.1 - 4.0.9
        Depends on vulnerable versions of @aws-amplify/cache
        Depends on vulnerable versions of @aws-amplify/core
        Depends on vulnerable versions of @aws-sdk/client-firehose
        Depends on vulnerable versions of @aws-sdk/client-kinesis
        Depends on vulnerable versions of @aws-sdk/client-personalize-events
        Depends on vulnerable versions of @aws-sdk/client-pinpoint
        node_modules/@aws-amplify/analytics
        @aws-amplify/cache  3.1.24-ui-preview.9 - 3.1.24-unstable.17 || 3.1.27-unstable.1 - 3.1.27-unstable.6 || 3.1.28-unstable.1 - 3.1.28-unstable.5 || 3.1.29-unstable.1 - 3.1.29-unstable.3 || 3.1.30-unstable.1 - 3.1.30-unstable.9 || 3.1.31-unstable.1 - 3.1.31-unstable.10 || 3.1.32-unstable.1 - 3.1.32-unstable.11 || 3.1.33-pr-7040.16 - 3.1.33-unstable.14 || 3.1.34-unstable.1 - 3.1.34-unstable.2 || 3.1.35-unstable.1 - 3.1.35-unstable.2 || 3.1.36-native.8 - 3.1.46
        Depends on vulnerable versions of @aws-amplify/core
        node_modules/@aws-amplify/cache
      @aws-sdk/credential-provider-cognito-identity  <=1.0.0-rc.8
      Depends on vulnerable versions of @aws-sdk/client-cognito-identity
      node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/credential-provider-cognito-identity
      node_modules/@aws-amplify/cache/node_modules/@aws-sdk/credential-provider-cognito-identity
    @aws-sdk/client-firehose  <=1.0.0-rc.8
    Depends on vulnerable versions of @aws-sdk/credential-provider-node
    Depends on vulnerable versions of @aws-sdk/node-config-provider
    node_modules/@aws-sdk/client-firehose
    @aws-sdk/client-kinesis  <=1.0.0-rc.8
    Depends on vulnerable versions of @aws-sdk/credential-provider-node
    Depends on vulnerable versions of @aws-sdk/node-config-provider
    node_modules/@aws-sdk/client-kinesis
    @aws-sdk/client-personalize-events  <=1.0.0-rc.8
    Depends on vulnerable versions of @aws-sdk/credential-provider-node
    Depends on vulnerable versions of @aws-sdk/node-config-provider
    node_modules/@aws-sdk/client-personalize-events
    @aws-sdk/client-pinpoint  <=1.0.0-rc.8
    Depends on vulnerable versions of @aws-sdk/credential-provider-node
    Depends on vulnerable versions of @aws-sdk/node-config-provider
    node_modules/@aws-sdk/client-pinpoint

ansi-html  <0.0.8
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/ansi-html
  webpack-dev-server  2.0.0-beta - 4.7.2
  Depends on vulnerable versions of ansi-html
  Depends on vulnerable versions of chokidar
  Depends on vulnerable versions of selfsigned
  Depends on vulnerable versions of sockjs
  Depends on vulnerable versions of yargs
  node_modules/webpack-dev-server
    react-scripts  0.1.0 - 5.0.0-next.60
    Depends on vulnerable versions of @svgr/webpack
    Depends on vulnerable versions of babel-jest
    Depends on vulnerable versions of css-loader
    Depends on vulnerable versions of fork-ts-checker-webpack-plugin-alt
    Depends on vulnerable versions of jest
    Depends on vulnerable versions of optimize-css-assets-webpack-plugin
    Depends on vulnerable versions of react-dev-utils
    Depends on vulnerable versions of terser-webpack-plugin
    Depends on vulnerable versions of webpack
    Depends on vulnerable versions of webpack-dev-server
    node_modules/react-scripts

axios  <0.21.2
Severity: high
Incorrect Comparison in axios - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
fix available via `npm audit fix`
node_modules/axios
  @aws-amplify/api-rest  <=2.0.13
  Depends on vulnerable versions of axios
  node_modules/@aws-amplify/api-rest
    @aws-amplify/api  1.0.38-preview.45 - 1.0.38-preview.121 || 1.2.5-unstable.0 - 1.3.1-ui-preview.54 || 3.0.1-preview.0 - 4.0.13
    Depends on vulnerable versions of @aws-amplify/api-graphql
    Depends on vulnerable versions of @aws-amplify/api-rest
    node_modules/@aws-amplify/api
      aws-amplify-react  >=4.1.23-unstable.2
      Depends on vulnerable versions of @aws-amplify/api
      node_modules/aws-amplify-react
    @aws-amplify/api-graphql  <=2.2.2
    Depends on vulnerable versions of @aws-amplify/api-rest
    node_modules/@aws-amplify/api-graphql
  @aws-amplify/storage  3.1.4-unstable.0 - 4.3.8
  Depends on vulnerable versions of axios
  node_modules/@aws-amplify/storage

braces  <=2.3.0
Regular Expression Denial of Service (ReDoS) in braces - https://github.com/advisories/GHSA-cwfw-4gq5-mrqx
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/jest-cli/node_modules/braces
node_modules/jest-config/node_modules/braces
node_modules/jest-message-util/node_modules/braces
node_modules/jest-runner/node_modules/braces
node_modules/jest-runtime/node_modules/braces
node_modules/test-exclude/node_modules/braces
  micromatch  0.2.0 - 2.3.11
  Depends on vulnerable versions of braces
  Depends on vulnerable versions of parse-glob
  node_modules/jest-cli/node_modules/micromatch
  node_modules/jest-config/node_modules/micromatch
  node_modules/jest-message-util/node_modules/micromatch
  node_modules/jest-runner/node_modules/micromatch
  node_modules/jest-runtime/node_modules/micromatch
  node_modules/test-exclude/node_modules/micromatch
    jest-cli  0.10.2 - 24.8.0
    Depends on vulnerable versions of jest-config
    Depends on vulnerable versions of jest-environment-jsdom
    Depends on vulnerable versions of jest-haste-map
    Depends on vulnerable versions of jest-message-util
    Depends on vulnerable versions of jest-resolve-dependencies
    Depends on vulnerable versions of jest-runner
    Depends on vulnerable versions of jest-runtime
    Depends on vulnerable versions of jest-snapshot
    Depends on vulnerable versions of jest-util
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of node-notifier
    Depends on vulnerable versions of yargs
    node_modules/jest-cli
      jest  13.3.0-alpha.4eb0c908 - 23.6.0
      Depends on vulnerable versions of jest-cli
      node_modules/jest
    jest-config  12.1.1-alpha.2935e14d - 25.5.4
    Depends on vulnerable versions of babel-jest
    Depends on vulnerable versions of jest-environment-jsdom
    Depends on vulnerable versions of jest-environment-node
    Depends on vulnerable versions of jest-jasmine2
    Depends on vulnerable versions of jest-util
    Depends on vulnerable versions of micromatch
    node_modules/jest-config
      jest-runner  21.0.0-alpha.1 - 22.4.4 || 23.4.0 - 23.6.0
      Depends on vulnerable versions of jest-config
      Depends on vulnerable versions of jest-haste-map
      Depends on vulnerable versions of jest-jasmine2
      Depends on vulnerable versions of jest-message-util
      Depends on vulnerable versions of jest-runtime
      Depends on vulnerable versions of jest-util
      node_modules/jest-runner
      jest-runtime  14.1.0 - 24.8.0
      Depends on vulnerable versions of babel-plugin-istanbul
      Depends on vulnerable versions of jest-config
      Depends on vulnerable versions of jest-haste-map
      Depends on vulnerable versions of jest-message-util
      Depends on vulnerable versions of jest-snapshot
      Depends on vulnerable versions of jest-util
      Depends on vulnerable versions of micromatch
      Depends on vulnerable versions of yargs
      node_modules/jest-runtime
    jest-haste-map  16.1.0-alpha.691b0e22 - 24.0.0
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of sane
    node_modules/jest-cli/node_modules/jest-haste-map
    node_modules/jest-runner/node_modules/jest-haste-map
    node_modules/jest-runtime/node_modules/jest-haste-map
    jest-message-util  18.5.0-alpha.7da3df39 - 23.1.0 || 23.4.0 - 24.0.0-alpha.16
    Depends on vulnerable versions of micromatch
    node_modules/jest-message-util
      expect  21.0.0-beta.1 - 22.4.3 || 23.4.0 - 23.6.0
      Depends on vulnerable versions of jest-message-util
      node_modules/expect
        jest-jasmine2  18.5.0-alpha.7da3df39 - 22.4.4 || 23.4.0 - 23.6.0
        Depends on vulnerable versions of expect
        Depends on vulnerable versions of jest-message-util
        Depends on vulnerable versions of jest-snapshot
        Depends on vulnerable versions of jest-util
        node_modules/jest-jasmine2
      jest-snapshot  23.4.0 - 23.6.0
      Depends on vulnerable versions of jest-message-util
      node_modules/jest-snapshot
        jest-resolve-dependencies  23.4.0 - 23.6.0
        Depends on vulnerable versions of jest-snapshot
        node_modules/jest-resolve-dependencies
      jest-util  18.5.0-alpha.7da3df39 - 22.4.3 || 23.4.0
      Depends on vulnerable versions of jest-message-util
      node_modules/jest-cli/node_modules/jest-util
      node_modules/jest-config/node_modules/jest-util
      node_modules/jest-environment-jsdom/node_modules/jest-util
      node_modules/jest-environment-node/node_modules/jest-util
      node_modules/jest-jasmine2/node_modules/jest-util
      node_modules/jest-runner/node_modules/jest-util
      node_modules/jest-runtime/node_modules/jest-util
        jest-environment-jsdom  10.0.2 - 25.5.0
        Depends on vulnerable versions of jest-util
        Depends on vulnerable versions of jsdom
        node_modules/jest-environment-jsdom
        jest-environment-node  18.5.0-alpha.7da3df39 - 22.4.3 || 23.4.0
        Depends on vulnerable versions of jest-util
        node_modules/jest-environment-node
    test-exclude  <=4.2.3
    Depends on vulnerable versions of micromatch
    node_modules/test-exclude
      babel-plugin-istanbul  <=5.0.0
      Depends on vulnerable versions of test-exclude
      node_modules/babel-plugin-istanbul
        babel-jest  14.2.0-alpha.ca8bfb6e - 24.0.0-alpha.16
        Depends on vulnerable versions of babel-plugin-istanbul
        node_modules/babel-jest

browserslist  4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/react-dev-utils/node_modules/browserslist
  react-dev-utils  0.4.0 - 12.0.0-next.60
  Depends on vulnerable versions of browserslist
  Depends on vulnerable versions of globby
  Depends on vulnerable versions of immer
  Depends on vulnerable versions of shell-quote
  node_modules/react-dev-utils

chownr  <1.1.0
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr - https://github.com/advisories/GHSA-c6rq-rjc2-86v2
fix available via `npm audit fix`
node_modules/react-scripts/node_modules/fsevents/node_modules/chownr

glob-parent  <5.1.2
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/glob-base/node_modules/glob-parent
node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/chokidar
    fork-ts-checker-webpack-plugin-alt  *
    Depends on vulnerable versions of chokidar
    node_modules/fork-ts-checker-webpack-plugin-alt
    watchpack-chokidar2  *
    Depends on vulnerable versions of chokidar
    node_modules/watchpack-chokidar2
      watchpack  1.7.2 - 1.7.5
      Depends on vulnerable versions of watchpack-chokidar2
      node_modules/watchpack
  fast-glob  <=2.2.7
  Depends on vulnerable versions of glob-parent
  node_modules/fast-glob
    globby  8.0.0 - 9.2.0
    Depends on vulnerable versions of fast-glob
    node_modules/globby
  glob-base  *
  Depends on vulnerable versions of glob-parent
  node_modules/glob-base
    parse-glob  >=2.1.0
    Depends on vulnerable versions of glob-base
    node_modules/parse-glob

hermes-engine  <=0.9.0
Severity: critical
Access of Resource Using Incompatible Type in Hermes - https://github.com/advisories/GHSA-7mhc-prgv-r3q4
fix available via `npm audit fix`
node_modules/hermes-engine
  react-native  <=0.0.0-ffdfbbec0 || 0.61.0-rc.0 - 0.68.2
  Depends on vulnerable versions of @react-native-community/cli
  Depends on vulnerable versions of @react-native-community/cli-platform-android
  Depends on vulnerable versions of @react-native-community/cli-platform-ios
  Depends on vulnerable versions of hermes-engine
  node_modules/react-native

immer  <=9.0.5
Severity: critical
Prototype Pollution in immer - https://github.com/advisories/GHSA-c36v-fmgq-m8hx
Prototype Pollution in immer - https://github.com/advisories/GHSA-33f9-j839-rf8h
Prototype Pollution in immer - https://github.com/advisories/GHSA-9qmh-276g-x5pj
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/react-dev-utils/node_modules/immer

ini  <1.3.6
Severity: high
Prototype Pollution - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix`
node_modules/react-scripts/node_modules/fsevents/node_modules/ini

jsdom  <=16.4.0
Severity: moderate
Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/jest-environment-jsdom/node_modules/jsdom

merge  <2.1.1
Severity: high
Prototype Pollution in merge - https://github.com/advisories/GHSA-7wpw-2hjm-89gp
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/merge
  exec-sh  <=0.3.1
  Depends on vulnerable versions of merge
  node_modules/jest-cli/node_modules/exec-sh
  node_modules/jest-runner/node_modules/exec-sh
  node_modules/jest-runtime/node_modules/exec-sh
  node_modules/watch/node_modules/exec-sh
    sane  1.0.4 - 4.0.2
    Depends on vulnerable versions of exec-sh
    Depends on vulnerable versions of watch
    node_modules/jest-cli/node_modules/sane
    node_modules/jest-runner/node_modules/sane
    node_modules/jest-runtime/node_modules/sane
    watch  >=0.14.0
    Depends on vulnerable versions of exec-sh
    node_modules/watch

minimist  <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix`
node_modules/react-scripts/node_modules/fsevents/node_modules/minimist
node_modules/react-scripts/node_modules/fsevents/node_modules/rc/node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/react-scripts/node_modules/fsevents/node_modules/mkdirp

node-forge  <=1.2.1
Severity: high
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/node-forge
  selfsigned  1.1.1 - 1.10.14
  Depends on vulnerable versions of node-forge
  node_modules/selfsigned

node-notifier  <8.0.1
Severity: moderate
OS Command Injection in node-notifier - https://github.com/advisories/GHSA-5fw9-fq32-wv5p
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/node-notifier

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/core  <=3.1.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/core
        @svgr/webpack  <=3.1.0
        Depends on vulnerable versions of @svgr/core
        node_modules/@svgr/webpack
      postcss-svgo  4.0.0-nightly.2020.1.9 - 5.0.0-rc.2
      Depends on vulnerable versions of svgo
      node_modules/postcss-svgo
        cssnano-preset-default  <=4.0.8
        Depends on vulnerable versions of postcss-svgo
        node_modules/cssnano-preset-default
          cssnano  4.0.0-nightly.2020.1.9 - 4.1.11
          Depends on vulnerable versions of cssnano-preset-default
          node_modules/cssnano
            optimize-css-assets-webpack-plugin  3.2.1 || 5.0.0 - 5.0.8
            Depends on vulnerable versions of cssnano
            node_modules/optimize-css-assets-webpack-plugin

postcss  <7.0.36
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/postcss
  css-loader  0.15.0 - 1.0.1
  Depends on vulnerable versions of icss-utils
  Depends on vulnerable versions of postcss
  Depends on vulnerable versions of postcss-modules-extract-imports
  Depends on vulnerable versions of postcss-modules-local-by-default
  Depends on vulnerable versions of postcss-modules-scope
  Depends on vulnerable versions of postcss-modules-values
  node_modules/css-loader
  icss-utils  <=3.0.1
  Depends on vulnerable versions of postcss
  node_modules/icss-utils
  postcss-modules-extract-imports  <=1.2.1
  Depends on vulnerable versions of postcss
  node_modules/postcss-modules-extract-imports
  postcss-modules-local-by-default  <=1.2.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-modules-local-by-default
  postcss-modules-scope  <=1.1.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-modules-scope
  postcss-modules-values  <=1.3.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-modules-values

serialize-javascript  <=3.0.0
Severity: high
Insecure serialization leading to RCE in serialize-javascript - https://github.com/advisories/GHSA-hxcc-f52p-wc94
Cross-Site Scripting in serialize-javascript - https://github.com/advisories/GHSA-h9rv-jmmf-4pgx
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/serialize-javascript
  terser-webpack-plugin  <=1.4.1
  Depends on vulnerable versions of serialize-javascript
  node_modules/terser-webpack-plugin
  uglifyjs-webpack-plugin  >=1.1.3
  Depends on vulnerable versions of cacache
  Depends on vulnerable versions of serialize-javascript
  node_modules/uglifyjs-webpack-plugin
    webpack  4.3.0 - 4.25.1
    Depends on vulnerable versions of uglifyjs-webpack-plugin
    node_modules/webpack

shell-quote  <=1.7.2
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/shell-quote
  @react-native-community/cli-tools  4.8.0 - 5.0.0-alpha.0 || 5.0.1-alpha.0 - 6.2.0
  Depends on vulnerable versions of shell-quote
  node_modules/@react-native-community/cli-tools
    @react-native-community/cli  4.8.0 - 7.0.3
    Depends on vulnerable versions of @react-native-community/cli-hermes
    Depends on vulnerable versions of @react-native-community/cli-plugin-metro
    Depends on vulnerable versions of @react-native-community/cli-server-api
    Depends on vulnerable versions of @react-native-community/cli-tools
    node_modules/@react-native-community/cli
    @react-native-community/cli-hermes  <=6.3.0
    Depends on vulnerable versions of @react-native-community/cli-platform-android
    Depends on vulnerable versions of @react-native-community/cli-tools
    node_modules/@react-native-community/cli-hermes
    @react-native-community/cli-platform-android  4.8.0 - 6.3.0
    Depends on vulnerable versions of @react-native-community/cli-tools
    node_modules/@react-native-community/cli-platform-android
    @react-native-community/cli-platform-ios  4.8.0 - 6.2.0
    Depends on vulnerable versions of @react-native-community/cli-tools
    node_modules/@react-native-community/cli-platform-ios
    @react-native-community/cli-plugin-metro  <=7.0.3
    Depends on vulnerable versions of @react-native-community/cli-server-api
    Depends on vulnerable versions of @react-native-community/cli-tools
    node_modules/@react-native-community/cli-plugin-metro
    @react-native-community/cli-server-api  <=7.0.3
    Depends on vulnerable versions of @react-native-community/cli-tools
    node_modules/@react-native-community/cli-server-api

sockjs  <0.3.20
Severity: moderate
Improper Input Validation in SocksJS-Node - https://github.com/advisories/GHSA-c9g6-9335-x697
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/sockjs

ssri  5.2.2 - 6.0.1
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/uglifyjs-webpack-plugin/node_modules/ssri
  cacache  10.0.4 - 11.0.0
  Depends on vulnerable versions of ssri
  node_modules/uglifyjs-webpack-plugin/node_modules/cacache

tar  <=4.4.17
Severity: high
Arbitrary File Overwrite in tar - https://github.com/advisories/GHSA-j44m-qm6p-hp7m
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-qq89-hq3f-393p
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix`
node_modules/react-scripts/node_modules/fsevents/node_modules/tar

yargs-parser  6.0.0 - 13.1.1
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix --force`
Will install react-scripts@5.0.1, which is a breaking change
node_modules/jest-cli/node_modules/yargs-parser
node_modules/jest-runtime/node_modules/yargs-parser
node_modules/webpack-dev-server/node_modules/yargs-parser
  yargs  8.0.0-candidate.0 - 12.0.5
  Depends on vulnerable versions of yargs-parser
  node_modules/jest-cli/node_modules/yargs
  node_modules/jest-runtime/node_modules/yargs
  node_modules/webpack-dev-server/node_modules/yargs

102 vulnerabilities (13 low, 21 moderate, 55 high, 13 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

alexhafner commented 1 year ago

In my case, it turned out that Volta managed amplify. The plugin scan for amplify plugins does not pick that up. Instead, I had to run amplify plugin add and supply the full path to the plugin, i.e. /Users/xyz/.volta/tools/image/packages/amplify-category-video/lib/node_modules/amplify-category-video

In ~/.amplify/plugins.json, that added

  "userAddedLocations": [
    "/Users/xyz/.volta/tools/image/packages/amplify-category-video/lib/node_modules/amplify-category-video"
  ],

and the relevant entry for the video plugin