npms-io / npms-www

The https://npms.io website
MIT License

'Insecure' tag shown but no vulnerabilities #215

Open mwri opened 6 years ago

mwri commented 6 years ago

'Insecure' tags are being applied to some packages which do not have any apparent vulnerabilities.

For example, lostofs currently has a red 'insecure' tag; see the first result from the npms.io search.

Hovering over the tag it says:

Package lostofs@1.0.6 has 3 vulnerabilities. For more details, check against nodesecurity.io.

However, following the link to nodesecurity.io it says there are none:

There are no known vulnerabilities for lostofs@latest or any of its dependencies.

TiagoDanin commented 6 years ago

Same with my packages (unsplash-source-node and ttgram): https://npms.io/search?q=author%3Atiagodanin