sass / node-sass-middleware

connect middleware extracted from node-sass
MIT License

Security vulnerability #121

Closed telion2 closed 5 years ago

telion2 commented 5 years ago

Hello, I just ran an npm audit on my project, which I just initialized with this package as a dependency.

This is the report, and I am not sure if it is a problem on my end or a problem with this package:


                       === npm audit security report ===                        

                                 Manual Review                                  
             Some vulnerabilities require your attention to resolve             

          Visit https://go.npm.me/audit-guide for additional guidance           

  High            Arbitrary File Overwrite                                      

  Package         tar                                                           

  Patched in      >=4.4.2                                                       

  Dependency of   node-sass-middleware                                          

  Path            node-sass-middleware > node-sass > node-gyp > tar             

  More info       https://npmjs.com/advisories/803                              

found 1 high severity vulnerability in 667 scanned packages
  1 vulnerability requires manual review. See the full report for details.

nschonni commented 5 years ago

Please subscribe to https://github.com/sass/node-sass/issues/2625 for updates
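
To confirm which installed copies of `tar` fall below the `>=4.4.2` floor from the audit report above, and which chain pulls each one in, the tree printed by `npm ls --json` can be walked as follows. This is an added example, not part of the original thread or the project's code; the sample tree, its version numbers and the `some-archiver` package name are constructed, and the version comparison is simplified to numeric major.minor.patch.

```javascript
// Added example: not code from node-sass-middleware or npm.
// Package name and patched floor are taken from the audit report above.
const ADVISORY = { name: 'tar', patchedFrom: '4.4.2' };

// Simplified comparison: numeric major.minor.patch only, prerelease tags ignored.
// An unparseable version in `a` sorts lowest so that it gets flagged for review.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (Number.isNaN(d)) return -1;
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the nested `dependencies` objects of `npm ls --json` output and collect
// every copy of the advisory's package below the patched floor, together with
// the dependency chain that brings it into the project.
function findUnpatched(tree, advisory, chain = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const path = [...chain, name];
    if (name === advisory.name && node.version &&
        compareVersions(node.version, advisory.patchedFrom) < 0) {
      hits.push({ version: node.version, path: path.join(' > ') });
    }
    hits.push(...findUnpatched(node, advisory, path));
  }
  return hits;
}

// Constructed sample input; version numbers are illustrative, not from the issue.
const sampleTree = {
  name: 'my-app', version: '1.0.0',
  dependencies: {
    'node-sass-middleware': { version: '0.0.0-sample', dependencies: {
      'node-sass': { version: '0.0.0-sample', dependencies: {
        'node-gyp': { version: '0.0.0-sample', dependencies: {
          tar: { version: '2.2.1' } } } } } } },
    // Hypothetical second consumer that already resolves to a patched tar.
    'some-archiver': { version: '0.0.0-sample', dependencies: {
      tar: { version: '4.4.8' } } },
  },
};

console.log(findUnpatched(sampleTree, ADVISORY));
```

On a real project, replace `sampleTree` with the parsed output of `npm ls --json`; an empty result means no copy of `tar` below the floor remains in the tree.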