Missing Origin Validation in react-scripts@2.1.2
See original GitHub issueIs this a bug report?
Yes, NPM reports 1 high severity vulnerability when running npx create-react-app my-app
. Not sure why I canβt find a bug report already about this issue. Sorry if it has already been reported.
According to npm audit
, the webpack-dev-server
dependency has to be upgraded to >=3.1.11
.
Environment
npx create-react-app --info
npx: installed 63 in 2.22s
Environment Info:
System:
OS: macOS High Sierra 10.13.6
CPU: x64 Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz
Binaries:
Node: 10.11.0 - /usr/local/bin/node
npm: 6.5.0 - ~/Sites/theregulars/theregulars-reviews/node_modules/.bin/npm
Browsers:
Chrome: 71.0.3578.98
Firefox: 64.0
Safari: 12.0.2
npmPackages:
react: ^16.6.3 => 16.6.3
react-dom: ^16.6.3 => 16.6.3
react-scripts: ^2.1.2 => 2.1.2
npmGlobalPackages:
create-react-app: Not Found
Steps to Reproduce
npx create-react-app my-app
cd my-appβΈ¨β β β β β β β β β β β β β β β β β β βΈ© β § rollbackFailedOptional: verb npm-session 2bed87enpx: installed 63 in 4.162s
Creating a new React app in /Users/sunknudsen/tmp/my-app.
Installing packages. This might take a couple of minutes.
Installing react, react-dom, and react-scripts...
> fsevents@1.2.4 install /Users/sunknudsen/tmp/my-app/node_modules/fsevents
> node install
[fsevents] Success: "/Users/sunknudsen/tmp/my-app/node_modules/fsevents/lib/binding/Release/node-v64-darwin-x64/fse.node" already installed
Pass --update-binary to reinstall or --build-from-source to recompile
+ react-scripts@2.1.2
+ react@16.7.0
+ react-dom@16.7.0
added 1794 packages from 684 contributors and audited 35709 packages in 47.487s
found 1 high severity vulnerability
run `npm audit fix` to fix them, or `npm audit` for details
Initialized a git repository.
Success! Created my-app at /Users/sunknudsen/tmp/my-app
Inside that directory, you can run several commands:
npm start
Starts the development server.
npm run build
Bundles the app into static files for production.
npm test
Starts the test runner.
npm run eject
Removes this tool and copies build dependencies, configuration files
and scripts into the app directory. If you do this, you canβt go back!
We suggest that you begin by typing:
cd my-app
npm start
Happy hacking!
npm audit
=== npm audit security report ===
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Manual Review β
β Some vulnerabilities require your attention to resolve β
β β
β Visit https://go.npm.me/audit-guide for additional guidance β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β High β Missing Origin Validation β
βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Package β webpack-dev-server β
βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Patched in β >=3.1.11 β
βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Dependency of β react-scripts β
βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Path β react-scripts > webpack-dev-server β
βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β More info β https://nodesecurity.io/advisories/725 β
βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
found 1 high severity vulnerability in 35709 scanned packages
1 vulnerability requires manual review. See the full report for details.
Issue Analytics
- State:
- Created 5 years ago
- Reactions:34
- Comments:29 (8 by maintainers)
Top Results From Across the Web
Missing Origin Validation in Package webpack-dev-server ...
I have 'Client' folder where i keep all my react code. After uploading code in server, I run 'npm install'. All the dependencies...
Read more >Missing Origin Validation during npm install #1566 - GitHub
Anyone manage to run npm install laravel-mix without hitting any error even after a month ? All reactions.
Read more >Missing Origin Validation in webpack-dev-server - Laracasts
I have this when I run npm install. Anyone have ideas how to fix? This started happening only yesterday I believe. Following the...
Read more >CWE-1385: Missing Origin Validation in WebSockets (4.9)
The software uses a WebSocket, but it does not properly verify that the source of data or communication is valid. WebSockets provide a...
Read more >How to fix Missing Origin Validation error for βwebpack-dev ...
npm audit security report === Manual Review Some vulnerabilities require your attention to resolve Visit https://go.npm.me/audit-guide for additionalΒ ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Just gave a nudge to @gaearon. Hoping to get a patch out soon. Sorry for the delay!
v2.1.3 is available. Please let me know if you have any more issues!