$ cd test
johnd@RazerBlade MINGW64 ~/test
$ npm install surge
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
added 112 packages in 10s
4 packages are looking for funding
run `npm fund` for details
johnd@RazerBlade MINGW64 ~/test
$ npm audit
# npm audit report
minimist 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix --force`
Will install surge@0.9.0, which is a breaking change
node_modules/minimist
surge >=0.1.0
Depends on vulnerable versions of minimist
Depends on vulnerable versions of request
node_modules/surge
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
fix available via `npm audit fix --force`
Will install surge@0.9.0, which is a breaking change
node_modules/request
3 vulnerabilities (1 moderate, 2 critical)
To address all issues (including breaking changes), run:
npm audit fix --force
However, even using npm audit fix --force did not clear up the critical vulnerabilities
However, even using npm audit fix --force did not clear up the critical vulnerabilities