
npm audit security report - Prototype Pollution

Preflight Checklist

  • I have read the contribution documentation for this project.
  • I agree to follow the code of conduct that this project follows, as appropriate.
  • I have searched the issue tracker for a bug that matches the one I want to file, without success.

Issue Details

  • Electron Packager Version:
    • 14.2.1
  • Electron Version:
    • 8.2.5
  • Operating System:
    • Windows 10 (1909)

Expected Behavior

npm audit command should return no vulnerabilities

Actual Behavior

npm audit command returns

                       === npm audit security report ===

                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance

  Low             Prototype Pollution

  Package         yargs-parser

  Patched in      >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2

  Dependency of   electron-packager [dev]

  Path            electron-packager > yargs-parser

  More info       https://npmjs.com/advisories/1500

found 1 low severity vulnerability in 5101 scanned packages
  1 vulnerability requires manual review. See the full report for details.
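The "Patched in" line above is a set of semver alternatives, and the "Path" line shows that the vulnerable copy is nested under electron-packager. The following is an added example (not code from npm, electron-packager or yargs-parser) that walks a lockfile v1 dependency tree and reports every yargs-parser install with whether its version falls inside the report's patched range; the lockfile contents are constructed for the example, the range is copied from the report.

```javascript
// Added example for this issue, not code from npm, electron-packager or yargs-parser:
// it checks yargs-parser versions found in a (constructed) lockfile v1 tree against
// the audit report's "Patched in" range.

const parseVersion = v => v.split('.').map(Number); // "13.1.2" -> [13, 1, 2]

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

const OPS = { '>=': c => c >= 0, '<=': c => c <= 0, '>': c => c > 0, '<': c => c < 0, '=': c => c === 0 };

// "||" separates alternatives; the comparators inside one alternative must all hold.
function satisfies(version, range) {
  const v = parseVersion(version);
  return range.split('||').some(alt =>
    alt.trim().split(/\s+/).every(cmp => {
      const m = /^(>=|<=|>|<|=)?(\d+\.\d+\.\d+)$/.exec(cmp);
      if (!m) throw new Error(`unsupported comparator: ${cmp}`);
      return OPS[m[1] || '='](compare(v, parseVersion(m[2])));
    }));
}

// Walk nested "dependencies" (lockfile v1) and report each install of pkg with its path.
function findInstalls(lock, pkg, patchedRange, path = []) {
  const out = [];
  for (const [name, entry] of Object.entries(lock.dependencies || {})) {
    const here = [...path, name];
    if (name === pkg) {
      out.push({ path: here.join(' > '), version: entry.version,
                 patched: satisfies(entry.version, patchedRange) });
    }
    out.push(...findInstalls(entry, pkg, patchedRange, here));
  }
  return out;
}

// Range copied from the audit report; the lockfile below is constructed for this example.
const PATCHED_IN = '>=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2';
const SAMPLE_LOCK = { dependencies: {
  'electron-packager': { version: '14.2.1', dependencies: { 'yargs-parser': { version: '13.1.1' } } },
  'yargs-parser': { version: '18.1.3' },
} };

for (const f of findInstalls(SAMPLE_LOCK, 'yargs-parser', PATCHED_IN)) {
  console.log(`${f.path}@${f.version}: ${f.patched ? 'patched' : 'needs upgrade'}`);
}
```

Against a real project, replace SAMPLE_LOCK with the parsed contents of package-lock.json; a nested install that is not patched is the one npm audit is pointing at even when the top-level copy is already fixed.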

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 15 (3 by maintainers)

Top GitHub Comments

3 reactions
malept commented, Jun 27, 2020

This should be fixed with version 15.0.0.

1 reaction
ZaDarkSide commented, Jun 28, 2020

This is a problem with the webpack-dev-server package, not electron-packager. You can post them an issue about this here: https://github.com/webpack/webpack-dev-server/issues
