Open arthurtalkgoal opened 4 years ago
We have a security scan on the project that there are some depending packages not passing the scanning.
And below are the npm ls of the package dependencies. namely - lodash 3.10.1, mongoose 4.13.21, express 4.17.1, mongodb 2.2.34
npm ls
Policy Violations - Security-Critical
├─┬ keystone@4.2.1 │ ├─┬ asyncdi@1.1.0 │ │ └── lodash@3.10.1
├─┬ keystone@4.2.1 │ └── mongoose@4.13.21
Policy Violations - Security-High
└─┬ keystone@4.2.1 └── express@4.17.1
├─┬ keystone@4.2.1 │ └─┬ mongoose@4.13.21 │ └── mongodb@2.2.34
We have a security scan on the project that there are some depending packages not passing the scanning.
And below are the
npm lsof the package dependencies. namely - lodash 3.10.1, mongoose 4.13.21, express 4.17.1, mongodb 2.2.34Policy Violations - Security-Critical
├─┬ keystone@4.2.1 │ ├─┬ asyncdi@1.1.0 │ │ └── lodash@3.10.1
├─┬ keystone@4.2.1 │ └── mongoose@4.13.21
Policy Violations - Security-High
└─┬ keystone@4.2.1 └── express@4.17.1
├─┬ keystone@4.2.1 │ └─┬ mongoose@4.13.21 │ └── mongodb@2.2.34