Remove compromised dependency static-module


The node-security platform reported that static-module is compromised (because it includes static-eval), should probably move off it.

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Reactions: 5
  • Comments: 10 (4 by maintainers)

Top GitHub Comments

3 reactions
kujon commented, Oct 23, 2017

https://nodesecurity.io/advisories/548 Details of the issue here.

2 reactions
goto-bus-stop commented, Jan 31, 2018

Published as 1.4.4
