Questions tagged [npm-vulnerabilities]

52 questions
1
vote
1 answer

How to solve moderate severity vulnerabilities in vs for npm install

=== npm audit security report === Manual Review Some vulnerabilities require your attention to resolve …
1
vote
1 answer

"npm audit fix" will install a deprecated package

When I run npm audit it tells me the following about vulnerabilities: react-dev-utils 0.4.0 - 12.0.0-next.60 Severity: critical Improper Neutralization of Special Elements used in an OS Command. -…
1
vote
1 answer

I have 5 moderate severity vulnerabilities when I run npm audit

How can I fix these errors given below? $ npm audit # npm audit report glob-parent <5.1.2 Severity: moderate Regular expression denial of service - https://npmjs.com/advisories/1751 No fix…
0
votes
0 answers

Upgrade yarn packages to avoid vulnerabilities in Docker image

I have a node dependency tree that looks like this: $:app user1$ npm ls d3-color app@0.1.0 /Users/user1/workspace/fe/app ├─┬ @ant-design/charts@1.4.2 │ └─┬ @ant-design/maps@1.0.4 │ └─┬ @antv/l7plot@0.0.13 │ └─┬ @antv/l7@2.9.25 │ ├─┬…
0
votes
0 answers

Angular vulnerability inflight@1.0.6 deduped

I'm having problems with the inflight@1.0.6 deduped lib, it is a child of some angular CORE libs, and I need to mitigate this vulnerability. At the moment I don't have time to migrate to angular 16, would there be some way to remove this inflight…
0
votes
0 answers

Update jsrsasign from 0.0.3 to 10.8.6

I need assistance with the procedure to update the jsrsasign npm library under the jws-jwk tree. It currently gives me the following tree when using npm ls jsrsasign. jws-jwk@0.1.4 └── jsrsasign@0.0.3 I tried npm install jsrsasign@10.8.6 but it's adding…
0
votes
0 answers

Remove Improper Input Validation vulnerability from 'xmldom'

My project has a new Improper Input Validation vulnerability found by Snyk. The problematic library is 'xmldom' version 0.1.19. Looking into the dependency tree, 'xmldom' is required by 'xml-crypto', which is ultimately required by 'soap'. What is…
0
votes
0 answers

Update Angular to version 16 and its dependencies, especially those using the require keyword

I tried to update my Angular project from version 15 to 16 without success. After I update my packages with the 'npm-check-updates' command, I get 48 moderate severity vulnerabilities, and when I call the audit fix command, it doesn't do anything. If I do…
0
votes
0 answers

High Vulnerability Detected in Dependency (NPM debug) of mocha

How to Remediate: Vulnerability Detected in debug package (Inefficient Regular Expression Complexity) I recently ran a security scan using Checkmarx One and detected a high vulnerability in the npm debug package.  Package: debug Version: 4.3.4…
0
votes
0 answers

Vulnerabilities found in npm@9.6.6 which is latest version in strip-ansi

I had a long list of vulnerabilities after deploying my npm project in a Docker container, but after changing OS I am left with only one vulnerability, related to npm, which is strip-ansi. It is inside the npm package only…
0
votes
1 answer

How to fix "xml2js" vulnerability in npm audit report for Microsoft Office add-in packages?

I am developing a Microsoft Office PowerPoint React add-in using various packages. I used Yeoman to start working with the example add-in. Later, I installed "antd" and "react-router-dom". However, upon running npm audit, I received a message…
0
votes
0 answers

Could someone help me with this React Vulnerability regarding nth-check?

I created a new react project, and upon creating it saw 6 high security vulnerabilities. I tried npm audit fix but it didn't work. The audit report showed this: # npm audit report nth-check <2.0.1 Severity: high Inefficient Regular Expression…
0
votes
0 answers

Why does the trivy scanner find vulnerabilities for dependencies that do not exist in my project?

I use the trivy GitHub action (aquasecurity/trivy-action@master) to scan my nestjs project, but keep getting the below vulnerabilities even though I have not used those packages directly and indirectly (no trace of them in my yarn.lock). why would…
0
votes
0 answers

How to resolve dependabot security alerts when the direct dependency isn't listed (transitive errors)

I'm getting several dependabot security notices, but they don't stem from my direct dependencies. I've tried examining the insights/dependency graph, but this isn't helping much. I've also tried to run yarn audit and get no errors; I tried running…
0
votes
0 answers

How to resolve gulp/glob-parent vulnerabilities?

I have been getting vulnerabilities in internal dependency glob-parent package of npm package - gulp. High glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex Package …
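Most of the questions on this page are the same problem in different clothes: a vulnerable package (d3-color under @ant-design/charts, inflight under the Angular core libs, jsrsasign under jws-jwk, xmldom under xml-crypto and soap, nth-check in a fresh React project, glob-parent under gulp) that is not a direct dependency, so `npm audit fix` either does nothing or wants `--force`. The script below is an added example written for this page, not code from any of the questions or from npm. It takes an `npm ls --json --all`-style tree, lists every path to each advisory's package, marks findings reachable only through devDependencies (what `npm audit --omit=dev` leaves out), flags the cases where the patched release is a major bump (the reason `npm audit fix` refuses without `--force`), and emits an npm `overrides` block scoped to the direct dependency that pulls the package in. The tree, package.json and advisory list are constructed sample data; the `<5.1.2` and `<2.0.1` ranges come from the audit excerpts above, while the `*` range for xmldom stands in for an advisory with no patched version recorded, since its excerpt names none.

```javascript
// Added example, not code from any question on this page or from npm itself.
// Triage a vulnerable transitive dependency before touching package.json:
// every path to it, whether it is dev-only, whether the fix is a major bump,
// and an "overrides" block scoped to the direct dependency that pulls it in.
// Everything below (tree, package.json, advisories) is constructed sample data.

const packageJson = {
  dependencies:    { soap: "^1.0.0" },
  devDependencies: { gulp: "^4.0.2", "react-scripts": "^5.0.1" },
};

// Same nesting as `npm ls --json --all`: `dependencies` keyed by package name.
// Intermediate package versions are made up for the example.
const tree = {
  name: "app", version: "0.1.0",
  dependencies: {
    soap: { version: "1.0.0", dependencies: {
      "xml-crypto": { version: "3.0.1", dependencies: {
        xmldom: { version: "0.1.19" } } } } },
    gulp: { version: "4.0.2", dependencies: {
      "glob-watcher": { version: "5.0.5", dependencies: {
        chokidar: { version: "2.1.8", dependencies: {
          "glob-parent": { version: "3.1.0" } } } } } } },
    "react-scripts": { version: "5.0.1", dependencies: {
      "@svgr/webpack": { version: "5.5.0", dependencies: {
        "css-select": { version: "2.1.0", dependencies: {
          "nth-check": { version: "1.0.2" } } } } } } },
  },
};

// Ranges as `npm audit` prints them ("<5.1.2"). "*" marks an advisory with no
// patched release recorded; this is a constructed entry for xmldom.
const advisories = [
  { name: "glob-parent", vulnerable: "<5.1.2", patched: "5.1.2" },
  { name: "nth-check",   vulnerable: "<2.0.1", patched: "2.0.1" },
  { name: "xmldom",      vulnerable: "*",      patched: null },
];

// Minimal semver: compare major.minor.patch and ignore any pre-release suffix.
function parseVersion(v) {
  return v.split("-")[0].split(".").map((n) => parseInt(n, 10) || 0);
}
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0) ? -1 : 1;
  }
  return 0;
}
// Only "<X.Y.Z" and "*" are understood; anything else is refused, not guessed.
function isVulnerable(version, range) {
  if (range === "*") return true;
  const m = /^<(\d+\.\d+\.\d+)$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  return compareVersions(version, m[1]) < 0;
}

// Every root-to-target path as [{ name, version }, ...]. A deduped package
// still shows up once per parent that declares it, which is what you need
// to know before pinning it.
function findPaths(node, target, prefix = []) {
  const paths = [];
  for (const [name, child] of Object.entries(node.dependencies || {})) {
    const here = [...prefix, { name, version: child.version }];
    if (name === target) paths.push(here);
    paths.push(...findPaths(child, target, here));
  }
  return paths;
}

function triage(tree, pkg, advisories) {
  const findings = [];
  for (const adv of advisories) {
    for (const path of findPaths(tree, adv.name)) {
      const leaf = path[path.length - 1];
      if (!isVulnerable(leaf.version, adv.vulnerable)) continue;
      const direct = path[0].name;
      findings.push({
        name: adv.name,
        version: leaf.version,
        patched: adv.patched,
        path: path.map((p) => `${p.name}@${p.version}`).join(" > "),
        direct,
        // Reachable only via a devDependency: absent from the shipped artifact
        // (`npm audit --omit=dev`), but still running on CI and developer hosts.
        devOnly: direct in (pkg.devDependencies || {}) &&
                 !(direct in (pkg.dependencies || {})),
        // A major bump is what makes `npm audit fix` stop without --force: the
        // parent's declared range rejects it, so an override must be tested.
        majorBump: adv.patched !== null &&
          parseVersion(adv.patched)[0] !== parseVersion(leaf.version)[0],
      });
    }
  }
  return findings;
}

// npm "overrides" nested under the direct dependency, e.g.
// { gulp: { "glob-parent": "5.1.2" } }, so the pin stays out of unrelated
// subtrees. An advisory with no patched version gets no pin.
function buildOverrides(findings) {
  const overrides = {};
  for (const f of findings) {
    if (!f.patched) continue;
    overrides[f.direct] = { ...(overrides[f.direct] || {}), [f.name]: f.patched };
  }
  return overrides;
}

const report = triage(tree, packageJson, advisories);
for (const f of report) console.log(f);
console.log(JSON.stringify({ overrides: buildOverrides(report) }, null, 2));
```

Paste the printed `overrides` object into package.json (npm 8.3 or later) and run `npm install`, then `npm ls <package>` to confirm only the patched version remains; with yarn the equivalent is a `resolutions` entry such as `"gulp/glob-parent": "5.1.2"`. Treat every finding flagged `majorBump` as a change that needs the parent's test suite run, not just a green `npm audit`, and for a finding with no patched version the choices are replacing the dependency that pulls it in or documenting the accepted risk.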