rizowski / eslint-watch

ESLint with simple watching capabilities
https://www.npmjs.com/package/eslint-watch
MIT License
193 stars 29 forks

npm audit high priority warning #153

Closed dennismphil closed 5 years ago

dennismphil commented 5 years ago

Environment

Basic Description of the problem

Due to a dependency, npm audit is showing a high priority warning using this package.

=== npm audit security report ===  

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Arbitrary File Overwrite                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tar                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ eslint-watch [dev]                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ eslint-watch > chokidar > fsevents > node-pre-gyp > tar      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/803                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

How to reproduce it

  1. Command: npm i eslint-watch
  2. npm audit

rizowski commented 5 years ago

Fixed with v5.1.0
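
Added example, not part of the original thread or of the eslint-watch project: one way to reconstruct the "Path" row of the audit report from a lockfile, so a flagged transitive package can be traced back to the direct dependency that pulls it in. It assumes the nested lockfileVersion 1 layout of package-lock.json; the function names resolve and auditPaths are hypothetical, the lockfile is constructed sample data with placeholder versions, and the list of direct dependencies is assumed to come from package.json.

```javascript
// Constructed lockfileVersion 1 sample; every version is a placeholder.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'eslint-watch': { version: '0.0.0', dev: true, requires: { chokidar: '*' } },
    chokidar: { version: '0.0.0', dev: true, requires: { fsevents: '*' } },
    fsevents: {
      version: '0.0.0', dev: true, optional: true,
      requires: { 'node-pre-gyp': '*' },
      dependencies: {
        'node-pre-gyp': { version: '0.0.0', bundled: true, requires: { tar: '*' } },
        tar: { version: '0.0.0', bundled: true }
      }
    },
    'unrelated-pkg': { version: '0.0.0' }
  }
};

// Resolve a required name the way Node does: nearest enclosing
// node_modules first, then each parent up to the project root.
// `scopes` is the chain of lockfile nodes from the root to the requirer.
function resolve(scopes, name) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const node = (scopes[i].dependencies || {})[name];
    if (node) return { node, scopes: scopes.slice(0, i + 1).concat(node) };
  }
  return null; // not installed (for example a skipped optional dependency)
}

// Return every "a > b > c" chain from a direct dependency to `target`.
function auditPaths(lock, directNames, target) {
  const found = [];
  const walk = (name, scopes, trail, seen) => {
    const hit = resolve(scopes, name);
    if (!hit || seen.has(hit.node)) return; // missing package or cycle
    const here = trail.concat(name);
    if (name === target) { found.push(here.join(' > ')); return; }
    const next = new Set(seen).add(hit.node);
    for (const req of Object.keys(hit.node.requires || {})) {
      walk(req, hit.scopes, here, next);
    }
  };
  for (const name of directNames) walk(name, [lock], [], new Set());
  return found;
}

console.log(auditPaths(sampleLock, ['eslint-watch', 'unrelated-pkg'], 'tar'));
```

The first segment of each returned chain is the direct dependency whose upgrade or replacement changes whether the flagged package is installed.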