mdevils
commented
2 years ago Hello @Mahir92. Audit fixes were applied, thanks.
Closed mahirkabir closed 2 years ago
mdevils
commented
2 years ago Hello @Mahir92. Audit fixes were applied, thanks.
mahirkabir
commented
2 years ago Hi, Thank you for your response!
Issue: We detected vulnerable dependencies in your project by using the command “npm audit”:
npm audit report
glob-parent <5.1.2 Severity: moderate Regular expression denial of service - https://npmjs.com/advisories/1751 fix available via
npm audit fixnode_modules/glob-parenthosted-git-info <2.8.9 || >=3.0.0 <3.0.8 Severity: moderate Regular Expression Denial of Service - https://npmjs.com/advisories/1677 fix available via
npm audit fixnode_modules/hosted-git-infolodash <4.17.21 Severity: high Command Injection - https://npmjs.com/advisories/1673 fix available via
npm audit fixnode_modules/lodashy18n <3.2.2||=4.0.0||>=5.0.0 <5.0.5 Severity: high Prototype Pollution - https://npmjs.com/advisories/1654 fix available via
npm audit fixnode_modules/y18n4 vulnerabilities (2 moderate, 2 high)
To address all issues, run: npm audit fix
Questions: We are conducting a research study on vulnerable dependencies in open-source JS projects. We are curious:
For any publication or research report based on this study, we will share all responses from developers in an anonymous way. Both your projects and personal information will be kept confidential.
Description: Many popular NPM packages have been found vulnerable and may carry significant risks [1]. Developers are recommended to monitor and avoid the vulnerable versions of the library. The vulnerabilities have been identified and reported by other developers, and their descriptions are available in the npm registry [2].
Steps to reproduce:
Suggested Solution: Npm has introduced the “npm audit fix” command to fix the vulnerabilities. Execute the command to apply remediation to the dependency tree.
References: