Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
npm audit is reporting a security vulnerability when installing amplitude-js
See original GitHub issue$ npm audit
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >= 2.6.9 < 3.0.0 || >= 3.1.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ amplitude-js │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ amplitude-js > @segment/top-domain > component-cookie > │
│ │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 55729 scanned packages
1 vulnerability requires manual review. See the full report for details.
$ npm ls
...
├─┬ amplitude-js@4.5.1
│ ├─┬ @segment/top-domain@3.0.0
│ │ ├─┬ component-cookie@1.1.4
│ │ │ └─┬ debug@2.2.0
...
The @segment/top-domain package has not been updated in 2 years. I suggest switching to something else, or building that functionality yourself…
Issue Analytics
- State:
- Created 5 years ago
- Reactions:4
- Comments:5 (2 by maintainers)
Top Results From Across the Web
Auditing package dependencies for security vulnerabilities
To upgrade, run npm install npm@latest -g . The npm audit command submits a description of the dependencies configured in your package to...
Read more >How to Fix Security Vulnerabilities with NPM
Get a detailed report of the security vulnerabilities with npm audit. It will show in which package you have the issue, severity, ...
Read more >Security warning deluge from 'npm audit' is driving ...
JavaScript developers using npm could thereafter type npm audit and they'd receive a security analysis of their projects' dependency tree ...
Read more >How to run a security audit with npm audit
Running npm audit produces a report of security vulnerabilities with the affected package name, vulnerability severity and description, ...
Read more >vulnerability audit on npm install [duplicate] - node.js
It's a tool to check if your project's dependencies have some known vulnerabilities. It has nothing to do with your environment, local or...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
any updates here?
@blazzy when are you planning to release
v4.6.1?