Comments (1)
lazarljubenovic
commented on June 2, 2024
Still a problem.
found 297 vulnerabilities (74 low, 1 moderate, 222 high)
fixed 220 of 297 vulnerabilities in 37345 scanned packages
1 vulnerability required manual review and could not be updated
3 package updates for 76 vulns involved breaking changes
fixed 76 of 77 vulnerabilities in 37290 scanned packages
1 vulnerability required manual review and could not be updated
3 package updates for 76 vulns involved breaking changes
I could fix all but one by using npm's audit tool. The remaining one is based on a pretty transitive dependency.
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ mem │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.0.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ semantic-release [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ semantic-release > @semantic-release/npm > npm > libnpx > │
│ │ yargs > os-locale > mem │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1084 │
└───────────────┴──────────────────────────────────────────────────────────────┘
Versions of mem prior to 4.0.0 are vulnerable to Denial of Service (DoS). The package fails to remove old values from the cache even after a value passes its maxAge property. This may allow attackers to exhaust the system's memory if they are able to abuse the application logging.
from typescript-library-starter.
Related Issues (20)
- [typings] How to merge d.ts files under one namespace?
- ES6 imports
- `Error: '__spreadArrays' is not exported by tslib` occurs when `npm run build` HOT 8
- automatically update year in license to current year
- use ISC license
- Source maps pointing outside of dist folder
- Import does not work HOT 1
- when i clone github project directly install times error
- README: add instructions/steps on how to use this together with `google/clasp`
- How to integrate REACT HOT 1
- Not getting autocompletion when importing published library in a project HOT 1
- Better post-install markdown file generation.
- some dependencies need upgrade
- How to use library version in package.json
- How should I got the correct version field in package.json?
- Is this package dead? HOT 7
- node_modules/@types/node/assert.d.ts(1) '{' or ';' expected. HOT 5
- Is it possible to use this to export a function that calls ReactDOM.render, rather than rendering automatically?
- Error: Cannot find module scoped private package HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from typescript-library-starter.