zone117x / node-cryptonote-pool

Mining pool for CryptoNote based coins such as Bytecoin and Monero
GNU General Public License v2.0
825 stars, 1.14k forks

Security: Out of Date #183

Open PhearZero opened 7 years ago

PhearZero commented 7 years ago

Project is out of date and needs to be updated to use the latest node-gyp and any LTS release. We are about 2 years past v0.10 and this needs to be corrected ASAP. There are a few XSS attacks in the older versions of NodeJS and you might want to get them patched.

SecList Subset on Nodejs ->
https://www.cvedetails.com/vulnerability-list/vendor_id-12113/Nodejs.html
https://www.cvedetails.com/cve/CVE-2016-2086/
https://github.com/nodejs/LTS

zone117x commented 7 years ago

Agreed. Pull requests are welcome. I know there has been some work on NOMP (similar codebase) to get it working with latest node. I'm not paying very close attention but looks like it's mostly the C/C++ node extensions that need to be updated.

PhearZero commented 7 years ago

Yeah, that's what I noticed, and I'm gonna try to push this downstream to some other CryptoNote projects. We can port to ES2015 with no problems, but like you mentioned, the node-gyp bindings are WAY different these days. I started the other day but got pulled off in another direction. Let's get this thing jiggling. I'll branch out from this issue and we can go from there.

PhearZero commented 7 years ago

:boom: :tada: :fire: It's late here and I pushed that issue branch to the wrong fork. lol :beer: :see_no_evil: https://travis-ci.org/PhearZero/node-multi-hashing