Malicious package in protractor lib dependencies
See original GitHub issueSecurity issue
- Node Version:
8.4.0
- Protractor Version:
5.3.2
Hi, Team! Recently I found vulnerable package in protractor dependencies when was analyzing small protractor project using Snyk tool. I’ve opened issue in webdriver-js-extender repository and now waiting for response. Issue related to usage of outdated selenium-webdriver package version. They’ve already fixed it and replaced adm-zip(vulnerable package previously used by selenium-webdriver). Please pay attention to this.
Best regards, Igor
Issue Analytics
- State:
- Created 5 years ago
- Reactions:2
- Comments:7 (4 by maintainers)
Top Results From Across the Web
protractor - npm
Start using protractor in your project by running `npm i protractor`. ... TypeScript icon, indicating that this package has built-in type ...
Read more >protractor - npm Package Health Analysis - Snyk
All security vulnerabilities belong to production dependencies of direct and indirect packages. License: MIT. Security Policy: No.
Read more >How to Protect Your App From Malicious Dependencies
Imagine a maintainer, or a hacker with access to the maintainer's account decides to publish a new release replacing the library with malware....
Read more >unable to resolve dependency tree error for creating new ...
Run the Angular project creation without automatic npm packages ... your package.json have all versions matching other supporting library ...
Read more >my-lib-kinokoym - NPM Package Overview - Socket - Socket.dev
Start using Socket to analyze my-lib-kinokoym and its 12 dependencies to secure your app from ... Run ng e2e to execute the end-to-end...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
#4882
Hi, @Quenty ! Thanks for investigation) As I said, adm-zip replaced with jszip in selenium-webdriver package. So, update of webdriver-js-extender dependencies will fix this issue.