[SECURITY] `coa` is compromised - vue create
Version
4.5.11
Environment info
System:
OS: macOS 12.0.1
CPU: (8) x64 Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
Binaries:
Node: 14.18.1 - /usr/local/opt/node@14/bin/node
Yarn: 1.22.17 - /usr/local/bin/yarn
npm: 6.14.15 - /usr/local/opt/node@14/bin/npm
Steps to reproduce
vue create example-project
Output
error /Users/socheat/Workspace/temp/example-project/node_modules/coa: Command failed.
Exit code: 1
Command: start /B node compile.js & node compile.js
Arguments:
Directory: /Users/socheat/Workspace/temp/example-project/node_modules/coa
Output:
/bin/sh: start: command not found
internal/modules/cjs/loader.js:905
throw err;
^
Error: Cannot find module '/Users/socheat/Workspace/temp/example-project/node_modules/coa/compile.js'
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:902:15)
at Function.Module._load (internal/modules/cjs/loader.js:746:27)
at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:76:12)
at internal/main/run_main_module.js:17:47 {
ERROR command failed: yarn
yarn why coa
yarn why v1.22.17
[1/4] 🤔 Why do we have the module "coa"...?
[2/4] 🚚 Initialising dependency graph...
[3/4] 🔍 Finding dependency...
[4/4] 🚡 Calculating file sizes...
=> Found "coa@2.0.2"
info Reasons this module exists
- "@vue#cli-service#@intervolga#optimize-cssnano-plugin#cssnano-preset-default#postcss-svgo#svgo" depends on it
- Hoisted from "@vue#cli-service#@intervolga#optimize-cssnano-plugin#cssnano-preset-default#postcss-svgo#svgo#coa"
info Disk size without dependencies: "112KB"
info Disk size with unique dependencies: "364KB"
info Disk size with transitive dependencies: "536KB"
info Number of shared dependencies: 9
✨ Done in 0.90s.
What is expected?
NA
What is actually happening?
There was an error with https://github.com/veged/coa
Issue link https://github.com/veged/coa/issues/99
Issue Analytics
- State:
- Created 2 years ago
- Reactions:5
- Comments:13
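An added example (not part of the original issue and not Vue CLI or coa code): the failing command in the output above, `start /B node compile.js & node compile.js`, was executed by the package manager during install, so this Node.js script lists every package in a `node_modules` tree that declares an install-time script and flags `node <file>.js` targets that are missing from the package. The package name `example-dep`, its version and the use of the `preinstall` hook in the constructed sample are assumptions; only the command string comes from the output above.

```javascript
const fs = require('fs'), os = require('os'), path = require('path');

const HOOKS = ['preinstall', 'install', 'postinstall'];

// Every package directory under <root>/node_modules, including scoped and nested ones.
function packageDirs(root) {
  const nm = path.join(root, 'node_modules');
  if (!fs.existsSync(nm)) return [];
  const dirs = fs.readdirSync(nm).filter((e) => !e.startsWith('.')).flatMap((e) =>
    e.startsWith('@') ? fs.readdirSync(path.join(nm, e)).map((s) => path.join(nm, e, s))
                      : [path.join(nm, e)]);
  return dirs.flatMap((d) => [d, ...packageDirs(d)]);
}

// Report each package that runs a command at install time, plus any
// `node <file>.js` target of that command that does not exist in the package.
function auditInstallScripts(root) {
  const findings = [];
  for (const dir of packageDirs(root)) {
    let pkg;
    try { pkg = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8')); }
    catch { continue; } // no manifest or unparsable: not a package directory
    for (const hook of HOOKS) {
      const command = pkg.scripts && pkg.scripts[hook];
      if (!command) continue;
      const targets = [...command.matchAll(/\bnode\s+([\w./-]+\.js)\b/g)].map((m) => m[1]);
      const missing = [...new Set(targets)].filter((f) => !fs.existsSync(path.join(dir, f)));
      findings.push({ name: pkg.name, version: pkg.version, hook, command, missing });
    }
  }
  return findings;
}

// Constructed sample tree. "example-dep" reuses the command string from the issue output;
// its name, version and the preinstall hook are assumptions made for this example.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'audit-'));
  const write = (name, manifest) => {
    const dir = path.join(root, 'node_modules', name);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify({ name, ...manifest }));
  };
  write('example-dep', { version: '0.0.0', scripts: { preinstall: 'start /B node compile.js & node compile.js' } });
  write('@scope/plain', { version: '1.0.0', scripts: { test: 'node test.js' } });
  return root;
}

console.log(auditInstallScripts(buildSampleTree()));
```

The script only reads manifests and never executes them; point `auditInstallScripts` at a project directory that was installed with `--ignore-scripts` to review hooks before they run.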
Top GitHub Comments
I’m still having this problem, although I’ve already cleaned the cache. Running npm i --legacy-peer-deps
Which version fixes this issue? I still experienced the issue with 4.5.11