danvk / source-map-explorer

Analyze and debug space usage through source maps
Apache License 2.0

Security vulnerability in 'open' package #70

Closed denchen closed 6 years ago

denchen commented 6 years ago

There is a security advisory with the open package, which this library uses. From npm audit:

│ Critical      │ Command Injection                                            │
│ Package       │ open                                                         │
│ Patched in    │ No patch available                                           │
│ Dependency of │ source-map-explorer [dev]                                    │
│ Path          │ source-map-explorer > open                                   │
│ More info     │ https://nodesecurity.io/advisories/663                       │

open seems to be unmaintained, so it is highly unlikely this issue will be fixed. There is a suggestion to move to opener or opn.