lightstep / lightstep-tracer-javascript

Lightstep distributed tracing library for Node.js and the browser
https://lightstep.com
MIT License

Update dependencies in order to fix security vulnerabilities #287

Closed Retro64 closed 2 years ago

Retro64 commented 2 years ago

Besides #285, npm audit reports multiple vulnerabilities:

# npm audit report

ajv  <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix`
node_modules/eslint/node_modules/ajv
node_modules/table/node_modules/ajv

ansi-regex  4.0.0 - 4.1.0 || 5.0.0
Severity: high
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/cliui/node_modules/ansi-regex
node_modules/eslint/node_modules/ansi-regex
node_modules/inquirer/node_modules/ansi-regex
node_modules/inquirer/node_modules/strip-ansi/node_modules/ansi-regex
node_modules/table/node_modules/ansi-regex
node_modules/yargs/node_modules/ansi-regex

async  <2.6.4
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
No fix available
node_modules/async
  istanbul  *
  Depends on vulnerable versions of async
  node_modules/istanbul

braces  <=2.3.0
Regular Expression Denial of Service (ReDoS) in braces - https://github.com/advisories/GHSA-cwfw-4gq5-mrqx
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
fix available via `npm audit fix --force`
Will install webpack@5.72.0, which is a breaking change
node_modules/braces
  micromatch  0.2.0 - 2.3.11
  Depends on vulnerable versions of braces
  Depends on vulnerable versions of parse-glob
  node_modules/micromatch
    anymatch  1.2.0 - 1.3.2
    Depends on vulnerable versions of micromatch
    node_modules/anymatch
      chokidar  1.0.0-rc1 - 2.1.8
      Depends on vulnerable versions of anymatch
      Depends on vulnerable versions of glob-parent
      node_modules/chokidar
      node_modules/watchpack-chokidar2/node_modules/chokidar
        babel-cli  *
        Depends on vulnerable versions of chokidar
        node_modules/babel-cli
        watchpack-chokidar2  *
        Depends on vulnerable versions of chokidar
        node_modules/watchpack-chokidar2
          watchpack  1.7.2 - 1.7.5
          Depends on vulnerable versions of watchpack-chokidar2
          node_modules/watchpack
            webpack  4.44.0 - 4.46.0
            Depends on vulnerable versions of watchpack
            node_modules/webpack

glob-parent  <5.1.2
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install webpack@5.72.0, which is a breaking change
node_modules/eslint/node_modules/glob-parent
node_modules/glob-parent
node_modules/mocha/node_modules/glob-parent
node_modules/watchpack-chokidar2/node_modules/glob-parent
  glob-base  *
  Depends on vulnerable versions of glob-parent
  node_modules/glob-base
    parse-glob  >=2.1.0
    Depends on vulnerable versions of glob-base
    node_modules/parse-glob

minimist  <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix`
node_modules/fsevents/node_modules/minimist
node_modules/fsevents/node_modules/rc/node_modules/minimist
node_modules/handlebars/node_modules/minimist
node_modules/minimist
node_modules/mocha/node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/fsevents/node_modules/mkdirp

path-parse  <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/path-parse

shelljs  <=0.8.4
Severity: high
Improper Privilege Management in shelljs - https://github.com/advisories/GHSA-4rq4-32rv-6wp6
Improper Privilege Management in shelljs - https://github.com/advisories/GHSA-64g7-mvw6-v9qj
fix available via `npm audit fix --force`
Will install shelljs@0.8.5, which is a breaking change
node_modules/shelljs

tar  <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-qq89-hq3f-393p
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix`
node_modules/fsevents/node_modules/tar

20 vulnerabilities (2 low, 3 moderate, 14 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

The versions of the babel packages in use look especially outdated, as the un-scoped versions used in package.json have not been updated for 4 years (e.g. babel-core, meanwhile renamed to @babel/core).
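
The report above says which fix each package has, but not which findings are reachable from the library's runtime code rather than only through the test and build toolchain (eslint, mocha, istanbul, babel-cli, webpack). A triage script such as the following, an added example that is not part of the lightstep-tracer-javascript project, parses `npm audit --json` output, walks each advisory's `effects` chain up to the packages declared in package.json, marks findings reachable only via devDependencies, and fails a CI gate on runtime findings at or above a chosen severity. The report shape assumed is the `auditReportVersion: 2` format of npm 7+ as I know it; the embedded report and the devDependencies set are constructed from a few of the packages named in this issue, and which of those are dev-only in this repository is an assumption, not something the page states.

```javascript
'use strict';

// Added example, not project code. Triage an `npm audit --json` (auditReportVersion 2)
// report: advisory-bearing entries carry objects in `via`; entries that merely depend on
// a vulnerable package carry strings; `effects` lists the packages that depend on an entry.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample modelled on packages from this issue; not real audit output.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    ajv: { name: 'ajv', severity: 'moderate', isDirect: false, range: '<6.12.3',
      via: [{ title: 'Prototype Pollution in Ajv', url: 'https://github.com/advisories/GHSA-v88g-cgmw-v5xw' }],
      effects: ['eslint'], nodes: ['node_modules/eslint/node_modules/ajv'], fixAvailable: true },
    eslint: { name: 'eslint', severity: 'moderate', isDirect: true, range: '*',
      via: ['ajv'], effects: [], nodes: ['node_modules/eslint'], fixAvailable: true },
    minimist: { name: 'minimist', severity: 'critical', isDirect: false, range: '<=1.2.5',
      via: [{ title: 'Prototype Pollution in minimist', url: 'https://github.com/advisories/GHSA-xvch-5gv4-984h' }],
      effects: ['mkdirp'], nodes: ['node_modules/minimist'], fixAvailable: true },
    mkdirp: { name: 'mkdirp', severity: 'critical', isDirect: false, range: '0.4.1 - 0.5.1',
      via: ['minimist'], effects: ['mocha'], nodes: ['node_modules/mkdirp'], fixAvailable: true },
    mocha: { name: 'mocha', severity: 'critical', isDirect: true, range: '*',
      via: ['mkdirp'], effects: [], nodes: ['node_modules/mocha'], fixAvailable: true },
    async: { name: 'async', severity: 'high', isDirect: false, range: '<2.6.4',
      via: [{ title: 'Prototype Pollution in async', url: 'https://github.com/advisories/GHSA-fwr7-v2mv-hh25' }],
      effects: ['istanbul'], nodes: ['node_modules/async'], fixAvailable: false },
    istanbul: { name: 'istanbul', severity: 'high', isDirect: true, range: '*',
      via: ['async'], effects: [], nodes: ['node_modules/istanbul'], fixAvailable: false },
    shelljs: { name: 'shelljs', severity: 'high', isDirect: true, range: '<=0.8.4',
      via: [{ title: 'Improper Privilege Management in shelljs', url: 'https://github.com/advisories/GHSA-4rq4-32rv-6wp6' }],
      effects: [], nodes: ['node_modules/shelljs'],
      fixAvailable: { name: 'shelljs', version: '0.8.5', isSemVerMajor: true } },
  },
};

// Follow `effects` edges upward until reaching packages declared in package.json
// (isDirect). `seen` guards against cycles in the dependency graph.
function topLevelRoots(name, vulns, seen = new Set()) {
  if (seen.has(name)) return [];
  seen.add(name);
  const entry = vulns[name];
  if (!entry) return [name]; // not in the report: treat it as its own root
  const roots = entry.isDirect ? [name] : [];
  for (const dependant of entry.effects || []) roots.push(...topLevelRoots(dependant, vulns, seen));
  return roots.length > 0 ? roots : [name];
}

// fixAvailable is true, false, or {name, version, isSemVerMajor} for a forced upgrade.
function describeFix(fixAvailable) {
  if (fixAvailable === true) return 'npm audit fix';
  if (fixAvailable && typeof fixAvailable === 'object') {
    return `${fixAvailable.name}@${fixAvailable.version}${fixAvailable.isSemVerMajor ? ' (breaking)' : ''}`;
  }
  return 'no fix available';
}

// One finding per advisory-bearing entry, with the declared packages that pull it in.
// devDependencies: Set of names taken from package.json's devDependencies.
function triage(report, devDependencies) {
  const vulns = report.vulnerabilities || {};
  const findings = [];
  for (const entry of Object.values(vulns)) {
    const advisories = (entry.via || []).filter((v) => typeof v === 'object');
    if (advisories.length === 0) continue; // inherited only; reported under its advisory
    const roots = [...new Set(topLevelRoots(entry.name, vulns))];
    findings.push({
      name: entry.name, severity: entry.severity, roots,
      devOnly: roots.every((r) => devDependencies.has(r)),
      fix: describeFix(entry.fixAvailable),
      advisories: advisories.map((a) => a.url),
    });
  }
  return findings;
}

// CI gate: fail only on findings reachable from runtime dependencies at or above threshold.
function gate(report, devDependencies, threshold = 'high') {
  const min = SEVERITY_RANK[threshold];
  const findings = triage(report, devDependencies);
  const failing = findings.filter((f) => !f.devOnly && SEVERITY_RANK[f.severity] >= min);
  return { ok: failing.length === 0, failing: failing.map((f) => f.name), findings };
}

if (typeof require !== 'undefined' && require.main === module) {
  // Assumed devDependencies for the demo; read them from package.json in real use.
  const devDeps = new Set(['eslint', 'mocha', 'istanbul', 'shelljs']);
  const result = gate(SAMPLE_REPORT, devDeps, 'high');
  for (const f of result.findings) {
    console.log(`${f.severity.padEnd(8)} ${f.name.padEnd(9)} via ${f.roots.join(', ')}${f.devOnly ? ' [dev-only]' : ''}; fix: ${f.fix}`);
  }
  console.log(result.ok ? 'audit gate: pass' : `audit gate: FAIL (${result.failing.join(', ')})`);
}

if (typeof module !== 'undefined') module.exports = { SEVERITY_RANK, SAMPLE_REPORT, topLevelRoots, triage, gate };
```

To run it against a real tree, pipe `npm audit --json > audit.json` and pass the parsed file plus `Object.keys(pkg.devDependencies)` to `gate`. Splitting by root rather than by severity alone is what keeps a dev-only `critical` (here minimist via mocha) from blocking a release while a runtime `high` still does; "no fix available" findings such as async/istanbul still need a replacement dependency, as the report's last paragraph notes.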

mwear commented 2 years ago

Addressed in #288. Released in: