matheuss / google-translate-api

A free and unlimited API for Google Translate :dollar::no_entry_sign:
https://npmjs.com/package/google-translate-api
MIT License
2.9k stars 608 forks

npm audit vulnerability #90

Open jfoclpf opened 5 years ago

jfoclpf commented 5 years ago

Just FYI

                       === npm audit security report ===                        

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Sandbox Breakout                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ safe-eval                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.4.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ google-translate-api                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ google-translate-api > safe-eval                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/337                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 critical severity vulnerability in 1334 scanned packages

Can you avoid using safe-eval at index.js, line 73? https://github.com/matheuss/google-translate-api/blob/master/index.js#L73

brolnickij commented 5 years ago

@jfoclpf Hello Friend! Go to the fork of this repository, which is now actively supported: https://github.com/vitalets/google-translate-api

jfoclpf commented 5 years ago

thanks @brolnickij

rawr51919 commented 5 years ago

Indeed so, as this dependency has been removed altogether from that repo.