security violation - please update underscore package

desirepath41 / visualCaptcha-npm

Node.js NPM package for visualCaptcha's backend service

MIT License

17 stars 8 forks source link

security violation - please update underscore package #10

Open eran10 opened 2 years ago

eran10 commented 2 years ago

any change to update underscore package to 1.12.1 ? @BrunoBernardino https://app.snyk.io/test/npm/visualcaptcha/0.1.3

BrunoBernardino commented 2 years ago

@eran10 the _.template function isn't used, so that specific vulnerability doesn't apply here. That being said, I would not recommend you use this package anymore, at least not from this repo (maybe there's a more up-to-date fork?) since it hasn't been updated for many years, and it seems the new maintainer isn't planning to update it.

eran10 commented 2 years ago

thanks @BrunoBernardino , i like the idea of visualCaptcha, can you recommend any alternative package with a similar idea as this?

BrunoBernardino commented 2 years ago

Perhaps https://www.hcaptcha.com/ or https://www.mtcaptcha.com/ though I have found no need to use captchas by default anymore, and if you detect a need for throttling, just start showing a simple question (rotated from a list of at least 10), like "what is five plus three?" or "what is the color of the sky?".