Found vulnerabilities - 4 high, 1 critical #3

Open
hellfireSteve opened this issue Sep 5, 2018 · 0 comments
@hellfireSteve

I tried this using npm. The command npm install produced a bunch of error messages:

npm WARN deprecated [email protected]: If using 2.x branch, please upgrade to at least 2.1.6 to avoid a serious bug with socket data flow and an import issue introduced in 2.1.0

[email protected] install C:\Users\SStaple\Downloads\typescript-nightwatch-example-master\typescript-nightwatch-example-master\node_modules\husky
node ./bin/install.js

husky
setting up Git hooks
can't find .git directory, skipping Git hooks installation
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN [email protected] No repository field.

added 229 packages from 518 contributors and audited 378 packages in 9.788s
found 14 vulnerabilities (9 low, 4 high, 1 critical)
run npm audit fix to fix them, or npm audit for details

I ran npm audit fix as suggested. Got more error messages:

npm WARN [email protected] No repository field.

added 2 packages from 2 contributors and updated 2 packages in 1.261s
fixed 1 of 14 vulnerabilities in 378 scanned packages
1 package update for 13 vulns involved breaking changes
(use npm audit fix --force to install breaking changes; or refer to npm audit for steps to fix these manually)

Finally, ran npm audit to list the problems. This looks alarming!

=== npm audit security report ===

Run npm install [email protected] to resolve 6 vulnerabilities

SEMVER WARNING: Recommended action is a potentially breaking change

Low             Regular Expression Denial of Service
Package         debug
Dependency of   nightwatch
Path            nightwatch > mocha-nightwatch > debug
More info       https://nodesecurity.io/advisories/534

Critical        Command Injection
Package         growl
Dependency of   nightwatch
Path            nightwatch > mocha-nightwatch > growl
More info       https://nodesecurity.io/advisories/146

High            Denial of Service
Package         http-proxy-agent
Dependency of   nightwatch
Path            nightwatch > proxy-agent > http-proxy-agent
More info       https://nodesecurity.io/advisories/607

High            Denial of Service
Package         http-proxy-agent
Dependency of   nightwatch
Path            nightwatch > proxy-agent > pac-proxy-agent > http-proxy-agent
More info       https://nodesecurity.io/advisories/607

High            Denial of Service
Package         https-proxy-agent
Dependency of   nightwatch
Path            nightwatch > proxy-agent > https-proxy-agent
More info       https://nodesecurity.io/advisories/593

High            Denial of Service
Package         https-proxy-agent
Dependency of   nightwatch
Path            nightwatch > proxy-agent > pac-proxy-agent > https-proxy-agent
More info       https://nodesecurity.io/advisories/593

found 6 vulnerabilities (1 low, 4 high, 1 critical) in 378 scanned packages
6 vulnerabilities require semver-major dependency updates.

@hellfireSteve hellfireSteve changed the title Found vulnerables - 4 high, 1 critical Found vulnerabilities - 4 high, 1 critical Sep 5, 2018