pdehaan
commented
9 years ago Here was my full install log:
$ git clone https://github.com/txtszas/webtail.git .
$ npm install
$ npm shrinkwrap --dev
wrote npm-shrinkwrap.json
$ # sudo npm i nsp -g
$ nsp audit-shrinkwrap
Name Installed Patched Vulnerable Dependency
qs 0.6.5 >= 1.x esaytail > connect
send 0.1.4 >= 0.8.4 esaytail > connect
validator 1.5.0 >=2.0.0 esaytail
$ npm outdated --depth 0
Package Current Wanted Latest Location
commander 1.3.2 1.3.2 2.5.0 commander
connect 2.11.0 2.11.0 3.3.1 connect
cookie 0.1.0 0.1.0 0.1.2 cookie
socket.io 0.9.16 0.9.16 1.2.0 socket.io
validator 1.5.0 1.5.0 3.22.0 validator
# .travis.yml not found
$ # sudo npm i package-json-validator -g
$ pjv -wr
{ valid: true,
warnings:
[ 'Missing recommended field: bugs',
'Missing recommended field: contributors' ],
recommendations:
[ 'Missing optional field: homepage',
'Missing optional field: engines' ] }
See https://nodesecurity.io/advisories/validator_XSS_Filter_Bypass_via_Encoded_URL (you also may want to bump connect to fix some earlier issues w/ qs and send, see comment below).