-
Notifications
You must be signed in to change notification settings - Fork 255
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
npm audit: 26 vulnerabilities #86
Comments
Just as a little note for those that are worried about the above: When you use this package as a dependency in your project, it won't install the You can try this for yourself by running |
I think it's a good thing that |
Although the 26 vulnerabilities for development will only happen if you're a developer of this library itself, which is probably not the case. |
The latest version of "he" contains some vulnerabilities according to "npm audit":
26 vulnerabilities (8 moderate, 9 high, 9 critical)
I'm not using this package directly but instead it is being referenced through mocha (and I'm using mocha). But I'm just seeing if this project is active enough that perhaps these vulnerabilities will be addressed at some point. I'm certainly no expert with this but it appears that the vulnerabilities are related to packages that need upgrading to newer versions.
I think just having newer packages that update the lodash version will satisfy my vulnerability scanner.
The text was updated successfully, but these errors were encountered: