node-gh / gh

(DEPRECATED) GitHub CLI made with NodeJS. Use the official https://cli.github.com/ instead.
http://nodegh.io

vulnerabilities detected when running npm audit #557

Closed gghhh456 closed 6 years ago

gghhh456 commented 6 years ago

Hey there,

I get 3 vulnerabilities (2 low, 1 critical) after installing this package.

npm --version #6.4.0

node -v #8.11.3

vulnerability

protoEvangelion commented 6 years ago

@gghhh456 Thanks for reporting :)

Although the warnings were benign AFAIK, I went ahead and updated dependencies to get rid of the npm audit warnings.

A lot of these warnings are not an issue because they either exploit a running server like a DDoS attack or rely on malicious user input. These types of exploits should not affect gh users.

It does feel nice though when the report comes back:

image

Thanks again for reporting and let me know if you still see these warnings after running npm install -g gh