Open amclin opened 3 years ago
Security vulnerability in `mkdir` dependency
TL;DR: jest-coverage-badges depends on an outdated version of mkdir with security vulnerabilities
Age: LEGACY
Estimated cost: SIMPLE
Run `npm audit`:

```
                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ jest-coverage-badges [dev]                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ jest-coverage-badges > mkdirp > minimist                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 3 scanned packages
```
Any projects using jest-coverage-badges are getting security warnings (and with NPM 7, non-zero exit codes) on npm install
Critical in: 2 MONTHS
Update mkdirp dependency to latest which no longer depends on the problematic minimist library
(If you don't have any solution in mind, write it) This tech debt still doesn't have any proposed issue.
(If you have solutions in mind, describe them below) Solution 1.
How
Pros :green_heart:
Cons :broken_heart:
files related
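As an added example (not part of the original issue or of the jest-coverage-badges project), the following Node.js script applies the "Patched in" range from the audit report to a lockfile and reports each dependency chain that pulls in an unpatched minimist. The `sampleLock` object is constructed, assumes lockfileVersion 1 style hoisted entries, and its version numbers are illustrative rather than taken from the issue.

```javascript
// Patched range from the audit report above: >=0.2.1 <1.0.0 || >=1.2.3
// Handles plain x.y.z versions only (no pre-release tags).
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
};
const isPatchedMinimist = (v) =>
  (cmp(v, '0.2.1') >= 0 && cmp(v, '1.0.0') < 0) || cmp(v, '1.2.3') >= 0;

// Walk the `requires` edges of a lockfile starting at `root` and return
// every chain that ends at a minimist version outside the patched range.
function vulnerablePaths(lock, root) {
  const hits = [];
  const walk = (name, chain) => {
    const node = lock.dependencies[name];
    if (!node || chain.includes(name)) return; // missing entry or cycle
    const next = [...chain, name];
    if (name === 'minimist' && !isPatchedMinimist(node.version)) {
      hits.push(`${next.join(' > ')} (${node.version})`);
    }
    for (const dep of Object.keys(node.requires || {})) walk(dep, next);
  };
  walk(root, []);
  return hits;
}

// Constructed sample lockfile fragment; versions are illustrative.
const sampleLock = {
  dependencies: {
    'jest-coverage-badges': { version: '1.0.0', requires: { mkdirp: '0.5.1' } },
    mkdirp: { version: '0.5.1', requires: { minimist: '0.0.8' } },
    minimist: { version: '0.0.8' },
  },
};

console.log(vulnerablePaths(sampleLock, 'jest-coverage-badges'));
```

In a real project, replace `sampleLock` with the parsed `package-lock.json`; an empty result means no chain from the chosen root reaches an unpatched minimist.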
Any updates on this issue?
You can use this package: https://www.npmjs.com/package/jest-coverage-badges-ts