Closed jeremykorb closed 5 years ago
npm audit barks an alert to a critical vulnerability with this package. It returns:
npm audit
┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Critical │ Command Injection │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ open │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ No patch available │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ grunt-open [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ grunt-open > open │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/663 │ └───────────────┴──────────────────────────────────────────────────────────────┘
I have seen the same issue, looks like package open is not under proper maintenance.
open
grunt-open should switch to using https://github.com/sindresorhus/opn instead.
grunt-open
Resolved with 0.2.4
npm audit
barks an alert to a critical vulnerability with this package. It returns: