Closed chrismacp closed 4 years ago
Thanks for the heads up! I'll investigate and possibly write to them.
Do you happen to have some output from Snyk's tools that highlights Mitm.js, @chrismacp? I'm trying to reproduce this via Snyk's web interface, but so far haven't been able to.
When I look at their database, it doesn't seem to mark it as vulnerable, either: https://snyk.io/vuln/npm:mitm. Could this be a bug with their CLI app?
Hi, thanks for the super fast response! I found out a little more and I think it's actually not Snyk, but my company that has defined this licence type as a "high" vulnerability within our Snyk settings. Sorry that wasn't immediately clear to me when I reported this issue. I've just been reading through all the licence-related docs I could find. Similar to Google's banned licence list, my company doesn't permit the use of anything with this licence, unfortunately. Will have to find an alternative.
Thanks again though :)
You're welcome.
Which license though? The "Lesser" variant of AGPL isn't on Google's banned list. It's akin to LGPL, which they're fine with at https://opensource.google/docs/thirdparty/licenses/#LinkingRequirements.
Hi,
This package is being flagged in Snyk as a vulnerability due to the licence. I found a similar issue in another package which suggested it was due to a deprecated licence. I'm not an expert on this so can't confirm that is correct, but if so it would be great to update this.
Thanks