Open pdehaan opened 9 years ago
For giggles, here was my full install log:
$ git clone https://github.com/euoia/node-command-center.git .
$ npm install
npm WARN deprecated less-middleware@0.1.15: Updated API and improved functionality.
$ npm shrinkwrap --dev
wrote npm-shrinkwrap.json
$ # sudo npm i nsp -g
$ nsp audit-shrinkwrap
Name Installed Patched Vulnerable Dependency
validator 0.4.28 >=2.0.0 command-center
validator 0.4.28 >= 1.1.0 command-center
$ npm outdated --depth 0
Package Current Wanted Latest Location
less-middleware 0.1.15 0.1.15 1.0.4 less-middleware
underscore 1.6.0 1.6.0 1.7.0 underscore
validator 0.4.28 0.4.28 3.22.0 validator
# .travis.yml not found
$ # sudo npm i package-json-validator -g
$ pjv -wr
{ valid: true,
warnings:
[ 'Missing recommended field: keywords',
'Missing recommended field: contributors' ],
recommendations: [ 'Missing optional field: engines' ] }
Wow, thanks for this! It's the first time I have seen nsp and pjv. Really useful.
I'll get things updated shortly.
See https://nodesecurity.io/advisories/validator_XSS_Filter_Bypass_via_Encoded_URL You may want to bump the validator dependency up to at least 2.0.0.