NPM Audit information



  • @rstoenescu FYI…

    $ npm audit
    
                           === npm audit security report ===
    
    ┌──────────────────────────────────────────────────────────────────────────────┐
    │                                Manual Review                                 │
    │            Some vulnerabilities require your attention to resolve            │
    │                                                                              │
    │         Visit https://go.npm.me/audit-guide for additional guidance          │
    └──────────────────────────────────────────────────────────────────────────────┘
    ┌───────────────┬──────────────────────────────────────────────────────────────┐
    │ Low           │ Prototype Pollution                                          │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Package       │ lodash                                                       │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Patched in    │ >=4.17.5                                                     │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Dependency of │ quasar-cli [dev]                                             │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Path          │ quasar-cli > ouch > lodash                                   │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ More info     │ https://nodesecurity.io/advisories/577                       │
    └───────────────┴──────────────────────────────────────────────────────────────┘
    found 1 low severity vulnerability in 14191 scanned packages
      1 vulnerability requires manual review. See the full report for details.
    $ quasar -v
    0.17.9
    $
    

  • Admin

    Hi,

    Report it to Ouch npm package owners pls. This does not affect the distributables created with Quasar as Ouch is used only while developing.



  • I believe they just fixed this: https://github.com/quorrajs/Ouch/issues/16
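
For triaging reports like the one in the first post, the following added example (not code from the thread, Quasar or npm) parses the text table and separates findings that are only reachable through a `[dev]` dependency, which is the distinction the admin's reply relies on. It assumes the two-column table layout shown above; `parseAuditReport` and `shippedFindings` are hypothetical names, and the sample report is constructed from the rows quoted in the thread.

```javascript
// Added example: triage helper for the text table that `npm audit` prints.
// SAMPLE_REPORT is constructed from the rows quoted in the thread (borders shortened).
const SAMPLE_REPORT = `
┌───────────────┬────────────────────────────────────────┐
│ Low           │ Prototype Pollution                    │
├───────────────┼────────────────────────────────────────┤
│ Package       │ lodash                                 │
│ Patched in    │ >=4.17.5                               │
│ Dependency of │ quasar-cli [dev]                       │
│ Path          │ quasar-cli > ouch > lodash             │
│ More info     │ https://nodesecurity.io/advisories/577 │
└───────────────┴────────────────────────────────────────┘
`;

const SEVERITIES = ['Low', 'Moderate', 'High', 'Critical'];

// Parse two-cell rows ("│ key │ value │"); a severity row starts a new finding.
function parseAuditReport(text) {
  const findings = [];
  let current = null;
  for (const line of text.split('\n')) {
    const m = line.match(/^\s*│\s*([^│]+?)\s*│\s*([^│]*?)\s*│\s*$/);
    if (!m) continue; // borders and the one-cell banner do not match
    const [, key, value] = m;
    if (SEVERITIES.includes(key)) {
      current = { severity: key, title: value };
      findings.push(current);
    } else if (current) {
      current[key] = value;
    }
  }
  return findings.map((f) => {
    const dependent = f['Dependency of'] || '';
    return {
      severity: f.severity,
      title: f.title,
      package: f['Package'],
      patchedIn: f['Patched in'],
      path: (f['Path'] || '').split(/\s*>\s*/),
      devOnly: /\[dev\]$/.test(dependent), // the report marks devDependencies with "[dev]"
    };
  });
}

// Findings reached through a non-dev dependency, i.e. ones that can ship with the app.
const shippedFindings = (text) => parseAuditReport(text).filter((f) => !f.devOnly);

console.log(parseAuditReport(SAMPLE_REPORT), shippedFindings(SAMPLE_REPORT).length);
```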