minimist security issue

GitHub reports a security advisory for all users of minimist <1.2.2: https://github.com/advisories/GHSA-7fhm-mqm4-2wp7

forever is depending on the deprecated optimist package: https://www.npmjs.com/package/optimist. That package depends on minimist ~0.0.1.

The solution is to switch to a recent minimist directly or to yargs or a similar package.

Issue Analytics

  • State: open
  • Created: 3 years ago
  • Reactions: 7
  • Comments: 12 (7 by maintainers)

Top GitHub Comments

7 reactions
kibertoad commented, Apr 6, 2020

I’ll look into replacing optimist, as that library is dead

2 reactions
kibertoad commented, May 22, 2020

Replacing optimist will take some time that I don’t currently have, unfortunately; if anyone would volunteer to make a PR, that would be appreciated greatly.

Meanwhile I’ve pinged @substack wrt lending a hand to fix the security issue on the optimist side, hopefully that works out as a stopgap solution.
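
Added example, not part of the original issue or of the forever project's code: a Node.js script that walks the JSON tree printed by `npm ls --json` and lists every dependency chain ending in a minimist below a given version, such as the forever > optimist > minimist chain described in the issue. The sample tree, the `my-app` and `other-tool` names and the `0.0.0-example` versions are constructed; the `1.2.2` threshold is the one quoted in the issue.

```javascript
'use strict';

// Turn "1.2.0" or "0.0.10-beta" into [major, minor, patch]; missing parts become 0.
function parseVersion(v) {
  const core = String(v).split(/[-+]/)[0].split('.');
  return [0, 1, 2].map((i) => parseInt(core[i], 10) || 0);
}

// True when version a sorts strictly before version b.
function isBelow(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Walk the nested `dependencies` objects of an `npm ls --json` tree and collect
// each chain that ends in `target` at a version below `fixedIn`.
function findVulnerablePaths(tree, target, fixedIn) {
  const hits = [];
  const walk = (node, chain) => {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      const here = chain.concat(`${name}@${dep.version || 'unknown'}`);
      if (name === target && dep.version && isBelow(dep.version, fixedIn)) {
        hits.push(here.join(' > '));
      }
      walk(dep, here); // keep descending: nested copies can differ in version
    }
  };
  walk(tree, [`${tree.name}@${tree.version}`]);
  return hits;
}

// Constructed sample in the shape of `npm ls --json` output (not real versions).
const sampleTree = {
  name: 'my-app', version: '1.0.0',
  dependencies: {
    forever: { version: '0.0.0-example', dependencies: {
      optimist: { version: '0.0.0-example', dependencies: {
        minimist: { version: '0.0.10' } } } } }, // satisfies the ~0.0.1 range
    'other-tool': { version: '0.0.0-example', dependencies: {
      minimist: { version: '1.2.5' } } },
  },
};

console.log(findVulnerablePaths(sampleTree, 'minimist', '1.2.2'));
```

To check a real project, pass the parsed output of `npm ls --json` instead of `sampleTree`, and take the exact affected ranges from the advisory linked in the issue.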
