hoek dependency potential security vulnerability
GitHub sent me the message: We found a potential security vulnerability in one of your dependencies. A dependency defined in ./package-lock.json has known security vulnerabilities and should be updated.
When I click on the details it says:
When I looked at what package is dependent on hoek I found this.
# npm ls hoek
/code
└─┬ gulp-sass@4.0.1
  └─┬ node-sass@4.9.0
    └─┬ request@2.79.0
      └─┬ hawk@3.1.3
        ├─┬ boom@2.10.1
        │ └── hoek@2.16.3 deduped
        ├── hoek@2.16.3
        └─┬ sntp@1.0.9
          └── hoek@2.16.3 deduped
Issue Analytics
- Created 5 years ago
- Reactions:21
- Comments:20
Top GitHub Comments
The solution to this issue is to change the version manually in your package-lock.json. Change your version manually from 2.16.3 to 4.2.1:

    "hoek": {
      "version": "4.2.1",
      "resolved": "https://registry.npmjs.org/hoek/-/hoek-4.2.1.tgz",
      "integrity": "sha1-ILt0A9POo5jpHcRxCo/xuCdKJe0=",
      "dev": true
    }

Then update your project on GitHub (commit/push). Just make sure every hoek version in your package-lock.json is changed to 4.2.1.

This is unavoidable for the moment. We need node-gyp to bump their request dependency.
Redirect your enthusiasm @ https://github.com/nodejs/node-gyp/pull/1492
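As an added example (not code from this thread or from the hoek, node-gyp or npm projects), a short Node script that walks a lockfile-v1 dependency tree and reports every copy of hoek below 4.2.1 together with its path, which is the check a maintainer would run before and after the manual lockfile edit described above. The sample lockfile object is constructed here from the npm ls output in the issue.

```javascript
// Added example, not code from the issue's participants: walk a lockfile-v1
// "dependencies" tree and list every copy of a package below a minimum version
// with its path, so none is missed when package-lock.json is edited by hand.

// Constructed sample mirroring the `npm ls hoek` tree in the issue. Lockfile v1
// nests "dependencies"; deduped packages (boom, sntp) carry no hoek entry of
// their own and resolve to the copy hoisted under hawk.
const SAMPLE_LOCK = {
  dependencies: {
    'gulp-sass': { version: '4.0.1', dependencies: {
      'node-sass': { version: '4.9.0', dependencies: {
        request: { version: '2.79.0', dependencies: {
          hawk: { version: '3.1.3', dependencies: {
            boom: { version: '2.10.1' },
            hoek: { version: '2.16.3', dev: true },
            sntp: { version: '1.0.9' },
          } },
        } },
      } },
    } },
  },
};

// Numeric comparison of dotted versions (plain releases, no pre-release tags).
function versionLess(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Returns [{ path, version }] for every `name` entry whose version < minVersion.
function findOutdated(lock, name, minVersion) {
  const hits = [];
  const walk = (deps, trail) => {
    for (const [pkg, entry] of Object.entries(deps || {})) {
      const here = [...trail, `${pkg}@${entry.version}`];
      if (pkg === name && versionLess(entry.version, minVersion)) {
        hits.push({ path: here.join(' > '), version: entry.version });
      }
      walk(entry.dependencies, here); // recurse into nested (non-hoisted) copies
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

console.log(findOutdated(SAMPLE_LOCK, 'hoek', '4.2.1')); // one hit: the hawk > hoek@2.16.3 path
```

To run it against a real lockfile, pass JSON.parse(fs.readFileSync('package-lock.json', 'utf8')) in place of SAMPLE_LOCK. Note that the integrity field must be the hash of the tarball actually named in resolved, so letting npm install regenerate the entry is safer than hand-typing a hash.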