Attempting to Resolve Vulnerabilities

ayishagisel / TastyTracker

Using "Build Your First WEB APP" tutorial book by D. Levinson Todd Belton

https://github.com/ayishagisel/TastyTracker

0 stars 0 forks source link

Attempting to Resolve Vulnerabilities #6

Open ayishagisel opened 6 years ago

ayishagisel commented 6 years ago

Started out with 40+ vulnerabilities. Resolved to 16... Attempted to use"found 16 vulnerabilities (9 low, 7 high) in 10641 scanned packages run npm audit fix to fix 2 of them. 14 vulnerabilities require manual review. See the full report for details."

Snyk assessment and fix did not find patches/updates.

ayishagisel commented 6 years ago

screen shot 2018-07-16 at 9 35 36 pm

ayishagisel commented 6 years ago

New npm audit called for npm to be updated to npm 6.2.0.

ayishagisel commented 6 years ago

The above resulted in the following:

"21:26 $ sudo npm install npm@6.2.0 Password:

npm@6.2.0 added 264 packages from 147 contributors, removed 551 packages, updated 14 packages and audited 10640 packages in 19.994s found 34 vulnerabilities (7 low, 20 moderate, 7 high) run npm audit fix to fix them, or npm audit for details"

ayishagisel commented 6 years ago

"Snyk Wizard' command "Tested 826 dependencies for known vulnerabilities, found 7 vulnerabilities, 29 vulnerable paths." and offered various patches.

ayishagisel commented 6 years ago

The patch against "node_modules/cli-table2/node_modules/lodash" (npm:lodash:20180130) failed

ayishagisel commented 6 years ago

screen shot 2018-07-23 at 8 38 50 pm fixed 4 of 33 vulnerabilities

ayishagisel commented 6 years ago

21:03 $ sudo npm install -g npm Password: /usr/local/bin/npm -> /usr/local/lib/node_modules/npm/bin/npm-cli.js /usr/local/bin/npx -> /usr/local/lib/node_modules/npm/bin/npx-cli.js

npm@6.2.0 added 15 packages from 12 contributors, removed 34 packages and updated 29 packages in 8.608s