v3.0.1 does not work with NodeJS
v3.0.1 of dependency-check no longer works on NodeJS/NPM projects.
Reproduce the issue by following these steps using both dependency-check@v2.0.1 and dependency-check@v3.0.1:
- Set up an example NodeJS/NPM project and install a package with a known vulnerability
  - I used an old version of uglify-js; any version before 2.6.0 has vulnerabilities:
    mkdir test && cd test && npm init -y && npm i -D uglify-js@2.4.1
- Run dependency-check on the project:
  dependency-check --enableExperimental --project test --log ./log.txt -f ALL -o ./ -s ./
v2.0.1 Scan Info and Results:
- dependency-check version: 2.0.1
- Dependencies Scanned: 24 (8 unique)
- Vulnerable Dependencies: 1
- Vulnerabilities Found: 3
- Vulnerabilities Suppressed: 0
- Vulnerabilities:
  - cpe:/a:uglifyjs_project:uglifyjs:2.4.1
    - CVE-2015-8858
    - NSP-48
    - NSP-39
v3.0.1 Scan Info and Results:
- dependency-check version: 3.0.1
- Dependencies Scanned: 9 (8 unique)
- Vulnerable Dependencies: 0
- Vulnerabilities Found: 0
- Vulnerabilities Suppressed: 0
- Vulnerabilities:
  - NONE
Issue Analytics
- State:
- Created 6 years ago
- Comments: 8 (2 by maintainers)
Top GitHub Comments
@stevespringett Maybe this one? 😬
see rxaviers/gist:7360908 :octocat:
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.