NPM audit found 1 high severity vulnerability - Prototype Pollution in node-forge
Sorry to say, but npm audit found one more security vulnerability in react-scripts v3.4.3.
Run npm update selfsigned --depth 3 to resolve 1 vulnerability
High Prototype Pollution in node-forge
Package node-forge
Dependency of react-scripts
Path react-scripts > webpack-dev-server > selfsigned > node-forge
More info https://npmjs.com/advisories/1561
This is probably a false positive report, but it fails CI/CD because it has high severity and exists in non-dev dependencies.
Steps to reproduce:
npx create-react-app demo-app
npm audit
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:7 (1 by maintainers)
Top GitHub Comments
I got four similar warnings for node-forge from firebase-tools in:
firebase-tools > @google-cloud/pubsub > google-auth-library > gtoken > google-p12-pem > node-forge
This is indeed a false positive. It is resolved upstream so there is nothing for us to do here. If you see this, regenerate your lockfile.
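One way to confirm that a regenerated lockfile no longer pins an old node-forge copy, as an added example that is not part of the original issue thread or of any project named in it: the script walks a parsed package-lock.json (lockfileVersion 1 nested `dependencies`, or 2/3 flat `packages`) and lists every installed copy below a minimum version. `MIN_FIXED`, the function names and all version numbers in the sample are constructed placeholders; take the real patched version from the advisory linked above.

```javascript
'use strict';

// Placeholder, NOT from the advisory: set this to the first patched version it lists.
const MIN_FIXED = '1.3.0';

// Compare dotted numeric versions; pre-release suffixes are ignored.
function cmpVersion(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// List every installed copy of `name` recorded in a parsed package-lock.json.
function findCopies(lock, name) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      hits.push({ where: path, version: meta.version });
    }
  }
  if (hits.length > 0) return hits;
  // lockfileVersion 1: nested "dependencies" tree mirroring node_modules.
  (function walk(deps, trail) {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name) hits.push({ where: here.join(' > '), version: meta.version });
      walk(meta.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits;
}

// Copies still below the patched version; a CI gate fails when this is non-empty.
function staleCopies(lock, name, minFixed) {
  return findCopies(lock, name).filter((c) => cmpVersion(c.version, minFixed) < 0);
}

// Constructed lockfile (versions are made up): one hoisted copy, one nested under selfsigned.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'node-forge': { version: '1.3.0' },
    selfsigned: { version: '9.9.9', dependencies: { 'node-forge': { version: '1.2.0' } } },
  },
};
console.log(staleCopies(sampleLock, 'node-forge', MIN_FIXED));
```

To check a real project, pass the result of `JSON.parse` on its package-lock.json to `staleCopies` in place of `sampleLock`.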