Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

minimist security issue

See original GitHub issue

GitHub reports a security advisory of all users of minimist <1.2.2:

forever is depending on the deprecated optimist package: That package depends on minimist ~0.0.1.

The solution is to switch to a recent minimist directly or to yargs or a similar package.

Issue Analytics

  • State:open
  • Created 3 years ago
  • Reactions:7
  • Comments:12 (7 by maintainers)

github_iconTop GitHub Comments

kibertoadcommented, Apr 6, 2020

I’ll look into replacing optimist, as that library is dead

kibertoadcommented, May 22, 2020

Replacing optimist will take some time that I don’t currently have, unfortunately; if anyone would volunteer to make a PR, that would be appreciated greatly.

Meanwhile I’ve pinged @substack wrt to lending a hand to fix security issue on the optimist side, hopefully that works out as a stopgap solution.

Read more comments on GitHub >

github_iconTop Results From Across the Web

minimist vulnerabilities | Snyk
version published direct vulnerabilities 0.2.2 11 Oct, 2022 0. C. 0. H. 0. M. 1. L 1.2.7 10 Oct, 2022 0. C. 0. H. 0....
Read more >
Moderate severity vulnerabilities due to minimist
I'm running into a huge number of vulnerabilities. There are 583 vulnerabilities all associated with the package minimist.
Read more >
Minimist vulnerability CVE-2021-44906 · Issue #674 - GitHub
minimist : v1.2.5 brings in a security vulnerability which is currently has no fix. The following dependency chain makes node-config a ...
Read more >
Fixing security vulnerabilities in npm dependencies in less ...
In my case minimist was a dependency of knexnest > knex module. This does fix the vulnerability issue, but when I run npm...
Read more >
Prototype Pollution Vulnerability in the minimist library (+4 More)
Learn more about our SCA solution. Schedule a Demo. Verified Security Data. The most accurate and complete database of public and private vulnerabilities....
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found