Running npm audit in a project with Jotform installed returns this result amongst others:
node_modules/tunnel-agent
request 2.2.6 - 2.86.0
Depends on vulnerable versions of form-data
Depends on vulnerable versions of hawk
Depends on vulnerable versions of http-signature
Depends on vulnerable versions of mime
Depends on vulnerable versions of qs
Depends on vulnerable versions of tunnel-agent
node_modules/request
jotform *
Depends on vulnerable versions of request
node_modules/jotform
The main issue here is that Jotform depends on a vulnerable version of request
Running
npm audit
in a project with Jotform installed returns this result amongst others:The main issue here is that Jotform depends on a vulnerable version of request