Closed Fraserhoenes closed 3 years ago
There are indeed 2 issues as we can see here: https://snyk.io/test/github/lirantal/is-website-vulnerable
is-url-superb - we can upgrade to version 5.0.0, the latest, which fixes the indirect security issue; see here on the Advisor to validate:
lighthouse - we're on the latest version and there are indeed indirect vulnerabilities there, not a lot to do about it.
@Fraserhoenes if you want to suggest a pull request to upgrade the is-url-superb version to latest major I'll be merging it gladly.
I'm not crazy experienced but I've forked and I'll give it a go; before committing, check my PR carefully when it comes 😄
No worries at all, happy to review :-)
Security vulnerabilities indeed exist here but none of this is a direct issue for the CLI.
Install via NPM reports Vulnerabilities
Expected Behavior
npm install -g is-website-vulnerable
added 294 packages, audited 294 packages in [x] seconds
found 0 vulnerabilities
Current Behavior
npm install -g is-website-vulnerable
added 294 packages, audited 294 packages in [x] seconds
9 vulnerabilities (3 low, 6 high)
Possible Solution
Unsure
Steps to Reproduce (for bugs)
See above, and if this is reproducible / if anyone else is getting these vulnerable packages on install, or whether this is a local issue specific to my environment.
Apologies in advance if this isn't an issue with the package, or is only temporary!
Your Environment
is-website-vulnerable
package )v15.3.0
v7.0.15
v10.15.7
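
The triage described in this thread (which findings enter through a direct dependency, and whether upgrading that dependency clears them), as an added example that is not code from the is-website-vulnerable project. It reads the `npm audit --json` report format of npm 7 and later; `triage` is a hypothetical helper and the package names in the sample report are constructed placeholders, not the findings from this issue.

```javascript
// Constructed sample in the npm 7+ audit report shape (auditReportVersion 2).
// Package names are placeholders; real input comes from `npm audit --json`.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'direct-dep-a': { name: 'direct-dep-a', severity: 'high', isDirect: true,
      via: ['transitive-x'], effects: [],
      fixAvailable: { name: 'direct-dep-a', version: '5.0.0', isSemVerMajor: true } },
    'transitive-x': { name: 'transitive-x', severity: 'high', isDirect: false,
      via: [{ title: 'constructed advisory', severity: 'high' }],
      effects: ['direct-dep-a'],
      fixAvailable: { name: 'direct-dep-a', version: '5.0.0', isSemVerMajor: true } },
    'direct-dep-b': { name: 'direct-dep-b', severity: 'low', isDirect: true,
      via: ['transitive-y'], effects: [], fixAvailable: false },
    'transitive-y': { name: 'transitive-y', severity: 'low', isDirect: false,
      via: [{ title: 'constructed advisory', severity: 'low' }],
      effects: ['direct-dep-b'], fixAvailable: false },
  },
};

// Group the direct dependencies by what the maintainer can do about them.
function triage(report) {
  const out = { fixInRange: [], upgradeDirect: [], noFixYet: [] };
  for (const v of Object.values(report.vulnerabilities || {})) {
    if (!v.isDirect) continue; // transitive entries are reported via their direct parent
    // `via` holds advisory objects for the package's own flaws and plain
    // strings naming the vulnerable packages it pulls in.
    const inherited = !(v.via || []).some((x) => typeof x === 'object');
    const entry = { name: v.name, severity: v.severity, inherited };
    if (v.fixAvailable === true) {
      out.fixInRange.push(entry); // `npm audit fix` stays inside the declared range
    } else if (v.fixAvailable && typeof v.fixAvailable === 'object') {
      out.upgradeDirect.push({ ...entry, to: v.fixAvailable.version,
        major: Boolean(v.fixAvailable.isSemVerMajor) });
    } else {
      out.noFixYet.push(entry); // already on latest; the fix must come from upstream
    }
  }
  return out;
}

console.log(JSON.stringify(triage(SAMPLE_REPORT), null, 2));
```
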