NPM: duplicate dependencies and audit warnings #99
Comments
Had the same issue on Ubuntu WSL, fixed using |
Thanks a lot :) Will give it a try. Would be nice with a FAQ or Troubleshooting guide listing these common issues and ways (hacks?) to resolve them... |
Wow, this is crazy. Asking me to choose a version for almost every single dependency...
$ yarn install --unsafe-perms
yarn install v1.5.1
info No lockfile found.
[1/4] 🔍 Resolving packages...
warning polymer-cli > bower@1.8.2: ...psst! Your project can stop working at any moment because its dependencies can change. Prevent this by migrating to Yarn: https://bower.io/blog/2017/how-to-migrate-away-from-bower/
warning polymer-cli > github@7.3.2: 'github' has been renamed to '@octokit/rest' (https://git.io/vNB11)
warning polymer-cli > web-component-tester > nomnom@1.8.1: Package no longer supported. Contact support@npmjs.com for more info.
warning polymer-cli > web-component-tester > sinon > formatio@1.2.0: This package is unmaintained. Use @sinonjs/formatio instead
warning replace > nomnom@1.6.2: Package no longer supported. Contact support@npmjs.com for more info.
warning replace > minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning wct-browser-legacy > sinon > formatio@1.1.1: This package is unmaintained. Use @sinonjs/formatio instead
info Unable to find a suitable version for "@webcomponents/webcomponentsjs", please choose one by typing one of the numbers below:
1) "@webcomponents/webcomponentsjs@^2.0.0" which resolved to "2.0.0"
2) "@webcomponents/webcomponentsjs@^1.0.7, @webcomponents/webcomponentsjs@^1.0.7" which resolved to "1.2.0"
Answer?: 1
info Unable to find a suitable version for "chai", please choose one by typing one of the numbers below:
1) "chai@^4.1.2, chai@^4.0.2" which resolved to "4.1.2"
2) "chai@^3.5.0" which resolved to "3.5.0"
Answer?: 1
info Unable to find a suitable version for "mocha", please choose one by typing one of the numbers below:
1) "mocha@^5.1.0" which resolved to "5.1.1"
2) "mocha@^3.4.2, mocha@^3.4.2" which resolved to "3.5.3"
Answer?: 1
info Unable to find a suitable version for "lodash", please choose one by typing one of the numbers below:
1) "lodash@^4.2.1, lodash@^4.3.0, lodash@^4.11.1, lodash@^4.11.1, lodash@^4.2.0, lodash@^4.2.0, lodash@^4.2.0, lodash@^4.2.0, lodash@^4.2.0, lodash@^4.17.4, lodash@^4.17.4, lodash@^4.17.2, lodash@^4.17.2, lodash@^4.14.0, lodash@^4.17.4, lodash@^4.8.0, lodash@^4.2.0, lodash@^4.2.0, lodash@^4.2.0, lodash@^4.2.0, lodash@^4.2.0, lodash@^4.2.0, lodash@^4.2.0, lodash@^4.2.0, lodash@^4.8.0, lodash@^4.17.4, lodash@^4.16.6, lodash@^4.2.0, lodash@^4.8.0, lodash@^4.8.0" which resolved to "4.17.10"
2) "lodash@^3.10.1, lodash@^3.0.0, lodash@^3.0.1, lodash@^3.10.1" which resolved to "3.10.1"
3) "lodash@4.16.2" which resolved to "4.16.2"
Answer?: 1
info Unable to find a suitable version for "deep-eql", please choose one by typing one of the numbers below:
1) "deep-eql@^3.0.0" which resolved to "3.0.1"
2) "deep-eql@^0.1.3" which resolved to "0.1.3"
Answer?: 1
info Unable to find a suitable version for "type-detect", please choose one by typing one of the numbers below:
1) "type-detect@^4.0.0, type-detect@^4.0.0, type-detect@^4.0.0" which resolved to "4.0.8"
2) "type-detect@^1.0.0" which resolved to "1.0.0"
3) "type-detect@0.1.1" which resolved to "0.1.1"
Answer?: 1
info Unable to find a suitable version for "browser-stdout", please choose one by typing one of the numbers below:
1) "browser-stdout@1.3.1" which resolved to "1.3.1"
2) "browser-stdout@1.3.0" which resolved to "1.3.0"
Answer?: 1
info Unable to find a suitable version for "commander", please choose one by typing one of the numbers below:
1) "commander@2.11.0" which resolved to "2.11.0"
2) "commander@2.9.0" which resolved to "2.9.0"
3) "commander@2.15.x, commander@~2.15.0, commander@^2.9.0, commander@^2.9.0" which resolved to "2.15.1"
Answer?: 3
info Unable to find a suitable version for "debug", please choose one by typing one of the numbers below:
1) "debug@3.1.0, debug@^3.1.0, debug@^3.1.0, debug@~3.1.0, debug@^3.0.1, debug@^3.1.0, debug@~3.1.0, debug@~3.1.0, debug@~3.1.0, debug@^3.0.0, debug@^3.1.0, debug@~3.1.0, debug@^3.1.0" which resolved to "3.1.0"
2) "debug@^2.0.0, debug@^2.1.0, debug@2, debug@^2.2.0, debug@^2.6.8, debug@2.6.9, debug@2.6.9, debug@2.6.9, debug@^2.6.8, debug@2.6.9, debug@^2.2.0, debug@^2.3.3, debug@2.6.9, debug@^2.6.8, debug@^2.2.0, debug@^2.1.2, debug@2.6.9" which resolved to "2.6.9"
3) "debug@2.6.8" which resolved to "2.6.8"
4) "debug@~2.2.0" which resolved to "2.2.0"
5) "debug@~2.1.1" which resolved to "2.1.3"
Answer?: 1
info Unable to find a suitable version for "diff", please choose one by typing one of the numbers below:
1) "diff@3.5.0, diff@^3.1.0" which resolved to "3.5.0"
2) "diff@^2.1.2" which resolved to "2.2.3"
3) "diff@3.2.0" which resolved to "3.2.0"
Answer?: 1
info Unable to find a suitable version for "glob", please choose one by typing one of the numbers below:
1) "glob@7.1.2, glob@^7.1.2, glob@^7.0.3, glob@^7.0.5, glob@^7.0.3, glob@^7.1.2, glob@^7.1.1, glob@^7.0.3, glob@^7.0.0, glob@^7.0.0, glob@^7.0.0, glob@^7.1.0" which resolved to "7.1.2"
2) "glob@^6.0.1" which resolved to "6.0.4"
3) "glob@7.1.1" which resolved to "7.1.1"
4) "glob@^5.0.3" which resolved to "5.0.15"
Answer?: 1
info Unable to find a suitable version for "growl", please choose one by typing one of the numbers below:
1) "growl@1.10.3" which resolved to "1.10.3"
2) "growl@1.9.2" which resolved to "1.9.2"
Answer?: 1
info Unable to find a suitable version for "minimatch", please choose one by typing one of the numbers below:
1) "minimatch@3.0.4, minimatch@^3.0.4, minimatch@^3.0.4, minimatch@2 || 3, minimatch@^3.0.2, minimatch@^3.0.2, minimatch@^3.0.2, minimatch@2 || 3, minimatch@^3.0.3, minimatch@^3.0.0, minimatch@^3.0.4" which resolved to "3.0.4"
2) "minimatch@~0.2.9" which resolved to "0.2.14"
Answer?: 1
info Unable to find a suitable version for "mkdirp", please choose one by typing one of the numbers below:
1) "mkdirp@0.5.1, mkdirp@^0.5.1, mkdirp@^0.5.1, mkdirp@^0.5.0, mkdirp@^0.5.0, mkdirp@0.5.1, mkdirp@^0.5.1, mkdirp@^0.5.0, mkdirp@^0.5.0, mkdirp@^0.5.1, mkdirp@^0.5.1, mkdirp@^0.5.1, mkdirp@^0.5.1, mkdirp@^0.5.0" which resolved to "0.5.1"
2) "mkdirp@0.5.0" which resolved to "0.5.0"
Answer?: 1
info Unable to find a suitable version for "supports-color", please choose one by typing one of the numbers below:
1) "supports-color@4.4.0" which resolved to "4.4.0"
2) "supports-color@^2.0.0" which resolved to "2.0.0"
3) "supports-color@3.1.2" which resolved to "3.1.2"
4) "supports-color@^5.3.0" which resolved to "5.4.0"
Answer?: 4
info Unable to find a suitable version for "ms", please choose one by typing one of the numbers below:
1) "ms@2.0.0, ms@2.0.0, ms@2.0.0, ms@2.0.0" which resolved to "2.0.0"
2) "ms@0.7.2" which resolved to "0.7.2"
3) "ms@0.7.0, ms@0.7.0" which resolved to "0.7.0"
4) "ms@0.7.1" which resolved to "0.7.1"
Answer?: 1
info Unable to find a suitable version for "inherits", please choose one by typing one of the numbers below:
1) "inherits@2, inherits@^2.0.1, inherits@2, inherits@2, inherits@~2.0.3, inherits@^2.0.3, inherits@^2.0.1, inherits@2, inherits@~2.0.1, inherits@2.0.3, inherits@2.0.3, inherits@^2.0.1, inherits@~2.0.1, inherits@^2.0.3, inherits@2.0.3, inherits@^2.0.1, inherits@^2.0.3" which resolved to "2.0.3"
2) "inherits@2.0.1" which resolved to "2.0.1"
Answer?: 1
info Unable to find a suitable version for "minimist", please choose one by typing one of the numbers below:
1) "minimist@0.0.8, minimist@0.0.8" which resolved to "0.0.8"
2) "minimist@^1.2.0, minimist@^1.1.3, minimist@^1.2.0, minimist@^1.2.0" which resolved to "1.2.0"
3) "minimist@~0.0.1" which resolved to "0.0.10"
Answer?: 2
info Unable to find a suitable version for "has-flag", please choose one by typing one of the numbers below:
1) "has-flag@^2.0.0" which resolved to "2.0.0"
2) "has-flag@^1.0.0" which resolved to "1.0.0"
3) "has-flag@^3.0.0" which resolved to "3.0.0"
Answer?: 3
info Unable to find a suitable version for "@types/inquirer", please choose one by typing one of the numbers below:
1) "@types/inquirer@0.0.32" which resolved to "0.0.32"
2) "@types/inquirer@*" which resolved to "0.0.41"
Answer?: 2
info Unable to find a suitable version for "@types/mz", please choose one by typing one of the numbers below:
1) "@types/mz@^0.0.31, @types/mz@0.0.31" which resolved to "0.0.31"
2) "@types/mz@0.0.29" which resolved to "0.0.29"
Answer?: 1
info Unable to find a suitable version for "@types/resolve", please choose one by typing one of the numbers below:
1) "@types/resolve@0.0.4" which resolved to "0.0.4"
2) "@types/resolve@0.0.6, @types/resolve@0.0.6" which resolved to "0.0.6"
3) "@types/resolve@0.0.7" which resolved to "0.0.7"
Answer?: 3
info Unable to find a suitable version for "@types/vinyl-fs", please choose one by typing one of the numbers below:
1) "@types/vinyl-fs@0.0.28" which resolved to "0.0.28"
2) "@types/vinyl-fs@^2.4.8" which resolved to "2.4.8"
Answer?: 1
info Unable to find a suitable version for "chalk", please choose one by typing one of the numbers below:
1) "chalk@^1.1.3, chalk@^1.0.0, chalk@^1.1.3, chalk@^1.0.0, chalk@^1.0.0, chalk@^1.0.0, chalk@^1.1.3, chalk@^1.1.1, chalk@^1.0.0, chalk@^1.1.1, chalk@^1.1.1, chalk@^1.1.3, chalk@^1.1.1" which resolved to "1.1.3"
2) "chalk@^2.0.1, chalk@^2.0.1, chalk@^2.3.0, chalk@^2.0.0, chalk@^2.0.0" which resolved to "2.4.1"
3) "chalk@~0.4.0" which resolved to "0.4.0"
Answer?: 2
info Unable to find a suitable version for "command-line-args", please choose one by typing one of the numbers below:
1) "command-line-args@^3.0.0, command-line-args@^3.0.1, command-line-args@^3.0.1, command-line-args@^3.0.1, command-line-args@^3.0.1, command-line-args@^3.0.1" which resolved to "3.0.5"
2) "command-line-args@^4.0.4" which resolved to "4.0.7"
Answer?: 1
info Unable to find a suitable version for "command-line-usage", please choose one by typing one of the numbers below:
1) "command-line-usage@^3.0.1, command-line-usage@^3.0.3, command-line-usage@^3.0.3, command-line-usage@^3.0.5, command-line-usage@^3.0.3, command-line-usage@^3.0.5" which resolved to "3.0.8"
2) "command-line-usage@^4.0.0" which resolved to "4.1.0"
Answer?: 2
info Unable to find a suitable version for "findup-sync", please choose one by typing one of the numbers below:
1) "findup-sync@^0.4.2" which resolved to "0.4.3"
2) "findup-sync@^2.0.0" which resolved to "2.0.0"
Answer?: 2
info Unable to find a suitable version for "globby", please choose one by typing one of the numbers below:
1) "globby@^8.0.1" which resolved to "8.0.1"
2) "globby@^6.1.0, globby@^6.1.0" which resolved to "6.1.0"
3) "globby@^4.0.0" which resolved to "4.1.0"
Answer?: 1
info Unable to find a suitable version for "request", please choose one by typing one of the numbers below:
1) "request@^2.72.0, request@2.85.0, request@^2.85.0, request@^2.81.0" which resolved to "2.85.0"
2) "request@2.79.0" which resolved to "2.79.0"
Answer?: 2
info Unable to find a suitable version for "rimraf", please choose one by typing one of the numbers below:
1) "rimraf@^2.6.1, rimraf@^2.2.8, rimraf@^2.2.0, rimraf@^2.2.8, rimraf@^2.6.1, rimraf@^2.5.4, rimraf@^2.6.1" which resolved to "2.6.2"
2) "rimraf@~2.2.6" which resolved to "2.2.8"
Answer?: 1
info Unable to find a suitable version for "semver", please choose one by typing one of the numbers below:
1) "semver@^5.3.0, semver@^5.3.0, semver@^5.4.1, semver@^5.0.3, semver@^5.3.0, semver@^5.1.0, semver@^5.1.0, semver@2 || 3 || 4 || 5, semver@^5.5.0" which resolved to "5.5.0"
2) "semver@~5.0.1" which resolved to "5.0.3"
Answer?: 1
info Unable to find a suitable version for "update-notifier", please choose one by typing one of the numbers below:
1) "update-notifier@^1.0.0" which resolved to "1.0.3"
2) "update-notifier@^2.2.0, update-notifier@^2.3.0" which resolved to "2.5.0"
Answer?: 2
info Unable to find a suitable version for "vinyl", please choose one by typing one of the numbers below:
1) "vinyl@^1.1.1, vinyl@^1.2.0, vinyl@^1.0.0, vinyl@^1.0.0, vinyl@^1.1.0, vinyl@^1.1.0" which resolved to "1.2.0"
2) "vinyl@^2.0.1" which resolved to "2.1.0"
Answer?: 2
info Unable to find a suitable version for "@types/node", please choose one by typing one of the numbers below:
1) "@types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*, @types/node@*" which resolved to "10.0.8"
2) "@types/node@^4.2.3, @types/node@^4.0.30" which resolved to "4.2.23"
3) "@types/node@^9.6.4, @types/node@^9.6.4, @types/node@^9.6.4, @types/node@^9.6.4, @types/node@^9.3.0" which resolved to "9.6.15"
4) "@types/node@^6.0.0" which resolved to "6.0.110"
5) "@types/node@^8.0.47" which resolved to "8.10.14"
Answer?:
I'm bailing out! |
Looks like it hasn't been tested or just doesn't work with
$ npm install --unsafe-perms
> fsevents@1.2.3 install /Users/kristianmandrup/repos/tecla5-pwa/node_modules/polymer-cli/node_modules/fsevents
> node install
[fsevents] Success: "/Users/kristianmandrup/repos/tecla5-pwa/node_modules/polymer-cli/node_modules/fsevents/lib/binding/Release/node-v59-darwin-x64/fse.node" is installed via remote
> wd@1.6.2 install /Users/kristianmandrup/repos/tecla5-pwa/node_modules/polymer-cli/node_modules/wd
> node scripts/build-browser-scripts
> puppeteer@1.4.0 install /Users/kristianmandrup/repos/tecla5-pwa/node_modules/puppeteer
> node install.js
Downloading Chromium r555668 - 76.4 Mb [====== ] 32% 153.1s
added 2185 packages from 1802 contributors in 321.96s
[!] 51 vulnerabilities found [16961 packages audited]
Severity: 31 low | 11 moderate | 7 high | 2 critical
Run `npm audit` for more detail
Looking "good" ;) But 2200 packages added and 51 vulnerabilities found... Please make a note to run with |
Vulnerability report
$ npm audit
=== npm audit security report ===
# Run `npm install replace@1.0.0` to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ replace [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ replace > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
# Run `npm update lodash --depth 5` to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > wd > async > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
# Run `npm update rc --depth 5` to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > chokidar > fsevents > node-pre-gyp > rc > │
│ │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > bower-json > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > command-line-usage > table-layout > │
│ │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > polymer-build > css-slam > command-line-usage │
│ │ > table-layout > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > polymer-build > polymer-bundler > │
│ │ command-line-usage > table-layout > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > polymer-bundler > command-line-usage > │
│ │ table-layout > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > polyserve > command-line-usage > table-layout │
│ │ > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > polyserve > polymer-build > css-slam > │
│ │ command-line-usage > table-layout > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > polyserve > polymer-build > polymer-bundler > │
│ │ command-line-usage > table-layout > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > polyserve > │
│ │ command-line-usage > table-layout > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > polyserve > │
│ │ polymer-build > css-slam > command-line-usage > table-layout │
│ │ > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > polyserve > │
│ │ polymer-build > polymer-bundler > command-line-usage > │
│ │ table-layout > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > yeoman-generator > mem-fs-editor > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polyserve [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polyserve > command-line-usage > table-layout > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polyserve [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polyserve > polymer-build > css-slam > command-line-usage > │
│ │ table-layout > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polyserve [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polyserve > polymer-build > polymer-bundler > │
│ │ command-line-usage > table-layout > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ renamer [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ renamer > app-usage-stats > usage-stats > cli-commands > │
│ │ command-line-usage > table-layout > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ renamer [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ renamer > command-line-tool > command-line-usage > │
│ │ table-layout > deep-extend │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/612 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ critical │ Command Injection │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ growl │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > mocha > growl │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/146 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ critical │ Command Injection │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ growl │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ wct-browser-legacy [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ wct-browser-legacy > mocha > growl │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/146 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ fresh │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > polyserve > send > fresh │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/526 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ fresh │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > polyserve > send > │
│ │ fresh │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/526 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ fresh │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polyserve [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polyserve > send > fresh │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/526 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ fresh │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > send > fresh │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/526 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ https-proxy-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > github > https-proxy-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/593 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ https-proxy-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > wct-local > launchpad > │
│ │ browserstack > https-proxy-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/593 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ mime │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > polyserve > send > mime │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/535 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ mime │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > polyserve > send > mime │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/535 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ mime │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polyserve [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polyserve > send > mime │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/535 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ mime │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > send > mime │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/535 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > stacky > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > wct-sauce > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ wct-browser-legacy [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ wct-browser-legacy > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ wct-browser-legacy [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ wct-browser-legacy > stacky > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > wd > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > polyserve > send > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > polyserve > send > │
│ │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polyserve [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polyserve > send > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > mocha > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ wct-browser-legacy [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ wct-browser-legacy > mocha > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > send > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ ms │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > send > debug > ms │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/46 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ ms │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > send > ms │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/46 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Prototype pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > wct-local > │
│ │ selenium-standalone > request > hawk > boom > hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/566 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Prototype pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > wct-local > │
│ │ selenium-standalone > request > hawk > cryptiles > boom > │
│ │ hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/566 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Prototype pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > wct-local > │
│ │ selenium-standalone > request > hawk > hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/566 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Prototype pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > wct-local > │
│ │ selenium-standalone > request > hawk > sntp > hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/566 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Memory Exposure │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ polymer-cli [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ polymer-cli > web-component-tester > wct-local > │
│ │ selenium-standalone > request > tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/598 │
└───────────────┴──────────────────────────────────────────────────────────────┘
[!] 51 vulnerabilities found - Packages audited: 16961 (16932 dev, 510 optional)
Severity: 31 low | 11 moderate | 7 high | 2 critical |
Recommended security fixes after install:
critical
high
moderate
Most (if not all) of these are dependencies of I hope this report can help others including the core team to fix these issues, hopefully during the next few weeks. |
The dependency warnings are a |
There are some open issues/PRs in tools to remove these warnings (including but not limited to):
Additionally, there are dependencies to renamer and replace which could possibly be fixed as part of #95 |
Only Polymer/tools#374 is left open in the list above. Is that "it"? Is this closable after that? |
On a clean install, I just got 9 reported vulnerabilities that have to be fixed manually. I don't know if it helps, but here is my audit output.
|
Please close it and let's move on. Especially if you can resolve those 9 vulnerabilities reported as well. Cheers :) |
I'm working with the tools team to try to update at least some of the higher-priority vulnerabilities. Some of the patches contain breaking changes, so it may not be possible to fix everything without breaking changes to polymer-cli itself (which serves other users). I want to keep this issue here for tracking/discoverability purposes, but not thinking of it as a blocker. |
Updated to polymer-cli@1.9.3 in #299. After this update, there will be 3 low severity vulnerabilities. Closing this issue as the major vulnerabilities have been fixed.
|
Could this be an OSX issue, that the path is too long?
I even tried running
sudo npm install
to no effect