galkahana / HummusJS

Node.js module for high performance creation, modification and parsing of PDF files and streams
http://www.pdfhummus.com

Solve nsp vulnerabilities due to dependencies #273

Closed albertosaito closed 6 years ago

albertosaito commented 6 years ago

NSP (https://www.npmjs.com/package/nsp) is flagging this module as vulnerable due to the dependency on hoek (https://github.com/hapijs/hoek) via node-pre-gyp@0.6.38 and npm@5.8.0:

[Screenshot: screen shot 2018-04-27 at 9 51 48 am]

Currently there is an explicit dependency on node-pre-gyp@0.6.39; this vulnerability can be solved by upgrading this dependency to 0.9.1. For npm, I think it is safe to move that dependency to a devDependency; this way NSP won’t complain about security vulnerabilities there.
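The change proposed above can be checked by tracing every dependency chain that reaches `hoek` and separating chains rooted in `dependencies` from those rooted in `devDependencies`. The following is an added example, not part of the original issue or HummusJS code. The dependency graph is constructed sample data, and the assumption that node-pre-gyp 0.9.1 no longer reaches `hoek` is taken from the comment above.

```javascript
// Depth-first search for every dependency chain from `roots` to `target`.
function findPaths(graph, roots, target) {
  const paths = [];
  const walk = (name, trail) => {
    if (trail.includes(name)) return; // cycle guard
    const next = [...trail, name];
    if (name === target) {
      paths.push(next.join(" > "));
      return;
    }
    for (const dep of graph[name] || []) walk(dep, next);
  };
  for (const root of roots) walk(root, []);
  return paths;
}

// Split the chains by where they start: runtime or development dependencies.
function audit(manifest, graph, target) {
  return {
    prod: findPaths(graph, Object.keys(manifest.dependencies || {}), target),
    dev: findPaths(graph, Object.keys(manifest.devDependencies || {}), target),
  };
}

// Constructed graph (package -> packages it requires); not a real lockfile.
const graphBefore = {
  "node-pre-gyp": ["hawk", "request"],
  request: ["hawk"],
  hawk: ["hoek"],
  npm: ["request"],
  hoek: [],
};
const manifestBefore = {
  dependencies: { "node-pre-gyp": "0.6.39", npm: "5.8.0" },
  devDependencies: {},
};

// Proposed state: node-pre-gyp upgraded (assumed to drop the hoek chain),
// npm moved to devDependencies.
const graphAfter = { ...graphBefore, "node-pre-gyp": [] };
const manifestAfter = {
  dependencies: { "node-pre-gyp": "0.9.1" },
  devDependencies: { npm: "5.8.0" },
};

console.log("before:", audit(manifestBefore, graphBefore, "hoek"));
console.log("after: ", audit(manifestAfter, graphAfter, "hoek"));
```

In the "after" state the `prod` list is empty while the `dev` list still holds the chain through npm, so the package remains present in development installs even though it no longer reaches consumers of the module.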

galkahana commented 6 years ago

Cheers. I'll see if I can fix that problem with node 0.10