jquery / esprima

ECMAScript parsing infrastructure for multipurpose analysis
http://esprima.org
BSD 2-Clause "Simplified" License

npm audit report 29 vulnerabilities #2088

Closed loynoir closed 3 years ago

loynoir commented 3 years ago

Steps to reproduce

Prepare

git clone https://github.com/jquery/esprima .
npm install
npm audit

Expected output

found 0 vulnerabilities

Actual output

29 vulnerabilities (11 low, 8 moderate, 7 high, 3 critical)

Relevant references

ariya commented 3 years ago

Thank you for the checks @loynoir!

These are all transitive dependencies of the devDependencies, i.e. the tools used for development. They are not affecting the run-time safety of Esprima (when being used as a library). Any PRs to update/improve those tools are always welcomed.

I'm closing this for now unless there is strong evidence that the run-time behavior of Esprima is affected.
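The split described in the reply above, between findings reachable only through devDependencies and findings in run-time dependencies, can be checked mechanically. This is an added example, not part of the original thread or the Esprima project: it cross-references data in the shape of `npm audit --json` with the `dev` flag in `package-lock.json`. The package names, the sample data and the helper `splitAuditByScope` are constructed for illustration.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// Package names are made up for illustration.
const sampleAudit = {
  auditReportVersion: 2,
  vulnerabilities: {
    "build-helper": { severity: "critical", nodes: ["node_modules/build-helper"] },
    "test-util": {
      severity: "high",
      nodes: ["node_modules/test-util", "node_modules/runner/node_modules/test-util"],
    },
    "shared-lib": { severity: "moderate", nodes: ["node_modules/shared-lib"] },
  },
};

// Constructed sample in the shape of package-lock.json (lockfileVersion 2/3),
// where npm marks packages reachable only via devDependencies with "dev": true.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-lib" },
    "node_modules/build-helper": { version: "1.0.0", dev: true },
    "node_modules/test-util": { version: "2.1.0", dev: true },
    "node_modules/runner/node_modules/test-util": { version: "1.9.0", dev: true },
    "node_modules/shared-lib": { version: "0.3.0" },
  },
};

// Hypothetical helper: split audit findings by whether every affected install
// path is dev-only. A path missing from the lockfile is treated as runtime,
// so unknowns are never silently dismissed.
function splitAuditByScope(audit, lock) {
  const result = { runtime: [], devOnly: [] };
  const packages = lock.packages || {};
  for (const [name, vuln] of Object.entries(audit.vulnerabilities || {})) {
    const nodes = vuln.nodes || [];
    const allDev = nodes.length > 0 &&
      nodes.every((p) => packages[p] !== undefined && packages[p].dev === true);
    (allDev ? result.devOnly : result.runtime).push({ name, severity: vuln.severity });
  }
  return result;
}

const split = splitAuditByScope(sampleAudit, sampleLock);
console.log("runtime:", split.runtime.map((v) => `${v.name} (${v.severity})`));
console.log("dev-only:", split.devOnly.map((v) => `${v.name} (${v.severity})`));
```

An empty `runtime` list supports the triage given in the reply; npm's own `npm audit --omit=dev` gives a comparable runtime-only view without a script.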