github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License
7.51k stars 1.49k forks

LGTM.com - false positive #2227

Open brettz9 opened 4 years ago

brettz9 commented 4 years ago

Description of the false positive

URL to the alert on the project page on LGTM.com

https://lgtm.com/projects/g/tjunnone/npm-check-updates/snapshot/f5d33ba536cc4e2a248106e7dedf92805511c583/files/lib/version-util.js#xea40c3661a5be0a2:1

As is, this does not need to escape backslashes since the input does not have any.

Thanks!
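An added illustration of the general pattern behind the report above; this is not code from npm-check-updates or from the CodeQL project. I assume the alert in question is CodeQL's incomplete string escaping check, which flags a `replace()` that escapes a delimiter character but not the backslash the escaping itself relies on. The function names and the sample inputs are constructed for the example. The check is sound in general, and the report is right that it does not matter when the input can never contain a backslash; the code below shows both cases side by side.

```javascript
// Added example (not from npm-check-updates or CodeQL). Demonstrates why
// escaping quotes without first escaping backslashes is incomplete in
// general, and why it is harmless when the input never holds a backslash.

// Escapes double quotes only. Correct as long as the input cannot contain
// a backslash, which is the situation the report describes.
function quoteIncomplete(s) {
  return '"' + s.replace(/"/g, '\\"') + '"';
}

// Escapes backslashes first, then quotes, so a trailing backslash in the
// input cannot neutralise the closing quote.
function quoteComplete(s) {
  return '"' + s.replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
}

// Minimal reader for the quoted form, honouring backslash escapes.
// Returns null when the quoting is malformed: no closing quote, or a
// closing quote that is not the last character.
function unquote(q) {
  if (q.length < 2 || q[0] !== '"') return null;
  let out = '';
  for (let i = 1; i < q.length; i++) {
    const c = q[i];
    if (c === '\\') {
      if (i + 1 >= q.length) return null; // dangling escape
      out += q[++i];
    } else if (c === '"') {
      return i === q.length - 1 ? out : null;
    } else {
      out += c;
    }
  }
  return null; // never saw a closing quote
}

// True when quoting and reading back yields the original string.
function roundTrips(quote, s) {
  return unquote(quote(s)) === s;
}

// Constructed sample inputs: a version string (no backslashes, so either
// quoter is fine) and a string ending in a backslash, where only the
// complete quoter survives the round trip.
const SAMPLES = ['1.2.3-beta.1', 'say "hi"', 'C:\\path\\'];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s),
    'incomplete:', roundTrips(quoteIncomplete, s),
    'complete:', roundTrips(quoteComplete, s));
}
```

The round-trip check is the useful part: for backslash-free inputs both functions agree, and the difference only appears once a backslash can reach the escaping code, which is exactly the question a reviewer should answer before dismissing an alert of this kind.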

max-schaefer commented 4 years ago

Thank you for your report, @brettz9! I agree that this is a false positive. We will investigate how to improve our analysis to avoid flagging it.