Closed DiamondeX closed 3 years ago
Looks like all of the vulnerabilities are coming from package-build-stats for the BundlePhobia usage.
I don’t believe any of these can be exploited when used in a non-server context where the user controls the input.
Are there any specific vulnerabilities that you’re worried about in the context of Rollpkg?
Also, I’d suggest opening an issue with the package-build-stats library as this is an upstream issue.
Agree. Then you can close this issue
Creating a template according to provided instructions (after Install rollpkg and typescript) gives the following message:
The same output you can get with npm audit.
Are there any plans to fix this?
Otherwise, I like this tool and the approaches used in it and would like to use it