millermedeiros / esformatter

ECMAScript code beautifier/formatter
MIT License

npm audit issue: Tmp files readable by other users #497

Closed zkuzmic closed 4 years ago

zkuzmic commented 5 years ago

Running npm audit on a project with the latest version of esformatter installed results in the following issue:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Tmp files readable by other users                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ sync-exec                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ esformatter [dev]                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ esformatter > npm-run > sync-exec                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/310                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

Proposed resolution: Upgrade the npm-run dependency to version 5.0.1, which no longer has the sync-exec package as a dependency.
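One way to confirm that an upgrade like the one proposed above really removes sync-exec from the installed tree is to walk the lockfile and list every chain that ends at it, in the same `a > b > c` form as the audit's Path row. This is an added example, not code from the issue or from esformatter; it assumes the `packages` map of an npm lockfile (v2/v3), and the `BEFORE` and `AFTER` lockfiles and both function names are constructed for illustration.

```javascript
// Resolve `name` as required from lockfile key `from`, walking up nested
// node_modules directories the way Node's module resolution does.
function resolveKey(packages, from, name) {
  let base = from;
  for (;;) {
    const key = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[key]) return key;
    if (!base) return null;
    const i = base.lastIndexOf('/node_modules/');
    base = i === -1 ? '' : base.slice(0, i);
  }
}

// Breadth-first walk from the root project; returns the shortest chain to
// each package that directly requires `target`, formatted like npm audit.
function findChains(lock, target) {
  const packages = lock.packages || {};
  if (!packages['']) return [];
  const chains = [];
  const trailOf = new Map([['', []]]); // lockfile key -> names from root
  const queue = [''];
  while (queue.length) {
    const key = queue.shift();
    const pkg = packages[key];
    const deps = Object.assign({}, pkg.dependencies, pkg.optionalDependencies,
      key === '' ? pkg.devDependencies : null);
    for (const name of Object.keys(deps)) {
      const next = resolveKey(packages, key, name);
      if (!next) continue;
      const trail = trailOf.get(key).concat(name);
      if (name === target) chains.push(trail.join(' > '));
      if (!trailOf.has(next)) { trailOf.set(next, trail); queue.push(next); }
    }
  }
  return chains;
}

// Constructed lockfiles (not real ones): before and after the upgrade.
const BEFORE = { packages: {
  '': { devDependencies: { esformatter: '*' } },
  'node_modules/esformatter': { dependencies: { 'npm-run': '*' } },
  'node_modules/npm-run': { dependencies: { 'sync-exec': '*' } },
  'node_modules/sync-exec': {},
} };
const AFTER = JSON.parse(JSON.stringify(BEFORE));
delete AFTER.packages['node_modules/sync-exec'];
AFTER.packages['node_modules/npm-run'].dependencies = {};
console.log(findChains(BEFORE, 'sync-exec'), findChains(AFTER, 'sync-exec'));
```

An empty result for the real `package-lock.json` means no installed package still requires sync-exec; a non-empty one names the dependency that has to be upgraded or replaced.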