dylang/npm-check

[v6.0.1] NPM reports moderate issues in dependencies

beukeshu opened this issue · 0 comments

I narrowed down some NPM security warnings to this package.

After an npm install npm-check@6.0.1, doing an npm audit reports the following:

...
got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install npm-check@3.2.10, which is a breaking change
node_modules/got
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
    latest-version  0.2.0 - 5.1.0
    Depends on vulnerable versions of package-json
    node_modules/latest-version
      update-notifier  0.2.0 - 5.1.0
      Depends on vulnerable versions of latest-version
      node_modules/update-notifier
        npm-check  >=3.2.7
        Depends on vulnerable versions of package-json
        Depends on vulnerable versions of update-notifier
        node_modules/npm-check

On Node version v16.15.1, npm version 8.11.0
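
The audit tree above can be traced mechanically. This is an added example, not part of the original issue or of npm-check's code: it walks a report in the shape of `npm audit --json` (npm 7+, `auditReportVersion` 2) from each advisory up to the direct dependency that pulls it in. The function name `traceAdvisories` is hypothetical and the sample report is constructed to mirror the chain reported here.

```javascript
// Added example (not from the issue). Sample data is constructed, in the shape of
// `npm audit --json` on npm 7+ (auditReportVersion 2), trimmed to the fields used.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    got: {
      name: 'got', severity: 'moderate', isDirect: false, effects: ['package-json'],
      via: [{ name: 'got', title: 'Got allows a redirect to a UNIX socket',
        url: 'https://github.com/advisories/GHSA-pfrx-2q88-qq97', range: '<11.8.5' }],
    },
    'package-json': { name: 'package-json', isDirect: false,
      via: ['got'], effects: ['latest-version', 'npm-check'] },
    'latest-version': { name: 'latest-version', isDirect: false,
      via: ['package-json'], effects: ['update-notifier'] },
    'update-notifier': { name: 'update-notifier', isDirect: false,
      via: ['latest-version'], effects: ['npm-check'] },
    'npm-check': { name: 'npm-check', isDirect: true,
      via: ['package-json', 'update-notifier'], effects: [] },
  },
};

// For every advisory, follow `effects` upward until a direct dependency is reached.
function traceAdvisories(report) {
  const vulns = report.vulnerabilities || {};
  const results = [];
  for (const pkg of Object.values(vulns)) {
    // Objects in `via` are advisories on this package; strings name other packages.
    for (const adv of (pkg.via || []).filter((v) => v && typeof v === 'object')) {
      const chains = [];
      const walk = (name, path) => {
        const node = vulns[name];
        if (!node || path.includes(name)) return; // unknown package or cycle
        const next = [...path, name];
        if (node.isDirect) chains.push(next);
        for (const parent of node.effects || []) walk(parent, next);
      };
      walk(pkg.name, []);
      results.push({ url: adv.url, title: adv.title, range: adv.range, chains });
    }
  }
  return results;
}

for (const r of traceAdvisories(sampleReport)) {
  console.log(`${r.title} (${r.range}) ${r.url}`);
  for (const chain of r.chains) console.log('  ' + chain.join(' <- '));
}
```

On a real project, pass the parsed output of `npm audit --json` in place of `sampleReport`.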