npm audit security report - Prototype Pollution
Preflight Checklist
- I have read the contribution documentation for this project.
- I agree to follow the code of conduct that this project follows, as appropriate.
- I have searched the issue tracker for a bug that matches the one I want to file, without success.
Issue Details
- Electron Packager Version: 14.2.1
- Electron Version: 8.2.5
- Operating System: Windows 10 (1909)
Expected Behavior
npm audit command should return no vulnerabilities
Actual Behavior
npm audit command returns
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Prototype Pollution
Package yargs-parser
Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2
Dependency of electron-packager [dev]
Path electron-packager > yargs-parser
More info https://npmjs.com/advisories/1500
found 1 low severity vulnerability in 5101 scanned packages
1 vulnerability requires manual review. See the full report for details.
Issue Analytics
- State:
- Created 3 years ago
- Comments: 15 (3 by maintainers)
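An added example, not part of the original issue or of the project's code: a dependency-free check of whether a yargs-parser version falls inside the patched range quoted in the report, run over a lockfile tree. The helper names, the simplified range grammar and the sample lockfile fragment are assumptions made for illustration.

```javascript
// Patched range copied from the advisory in the audit report above.
const PATCHED = '>=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2';

// Parse MAJOR.MINOR.PATCH; prerelease/build suffixes are ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1).map(Number);
}

// Returns -1, 0 or 1 for a < b, a == b, a > b.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// True when `version` meets one comparator such as ">=13.1.2" or "<14.0.0".
function meets(version, comparator) {
  const [, op = '=', target] = /^(>=|<=|>|<|=)?(.+)$/.exec(comparator);
  const c = compare(parseVersion(version), parseVersion(target));
  return { '>=': c >= 0, '<=': c <= 0, '>': c > 0, '<': c < 0, '=': c === 0 }[op];
}

// "||" separates alternatives; comparators inside one alternative must all hold.
function isPatched(version, range = PATCHED) {
  return range.split('||').some((alt) =>
    alt.trim().split(/\s+/).every((cmp) => meets(version, cmp)));
}

// Walk a package-lock.json tree (nested "dependencies", lockfileVersion 1 shape)
// and report every copy of `name` whose version is outside the patched range.
function findUnpatched(node, name = 'yargs-parser', path = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = [...path, dep];
    if (dep === name && !isPatched(info.version)) {
      hits.push({ path: here.join(' > '), version: info.version });
    }
    hits.push(...findUnpatched(info, name, here));
  }
  return hits;
}

// Constructed sample lockfile fragment (versions chosen for illustration only).
const sampleLock = { dependencies: {
  'electron-packager': { version: '14.2.1', dependencies: { 'yargs-parser': { version: '16.1.0' } } },
  'yargs-parser': { version: '18.1.3' },
} };
```

Calling `findUnpatched(JSON.parse(fs.readFileSync('package-lock.json', 'utf8')))` on a real lockfile of that shape lists each dependency path that still resolves to an unpatched copy.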
Top GitHub Comments
This should be fixed with version 15.0.0.
This is a problem with the webpack-dev-server package, not electron-packager. You can post them an issue about this here: https://github.com/webpack/webpack-dev-server/issues