Closed nnjeremy closed 2 years ago
Since yesterday we can't build our project. A malicious version of "colors" as been release with the tag 1.4.1 and is include in the package.json file. to fix the issue you should update the dependency with something like this : "colors": "1.4.0"
"colors": "1.4.0"
More information in this article https://snyk.io/blog/open-source-npm-packages-colors-faker/ or with a quick search.
Thanks for your help
Fix published to npm in v5.1.1
Since yesterday we can't build our project. A malicious version of "colors" as been release with the tag 1.4.1 and is include in the package.json file. to fix the issue you should update the dependency with something like this :
"colors": "1.4.0"
More information in this article https://snyk.io/blog/open-source-npm-packages-colors-faker/ or with a quick search.
Thanks for your help