This repository was archived by the owner on Jul 28, 2023. It is now read-only.

dot-prop vulnerability alert when installing ndb #317

@ghost

Description

Steps to reproduce

Tell us about your environment:

  • ndb version: 1.1.5
  • Platform / OS version: Windows 10
  • Node.js version: 12.18.3 x64

What steps will reproduce the problem?

Please include code that reproduces the issue.

  1. npm install ndb --save-dev
     found 1 high severity vulnerability
     run `npm audit fix` to fix them, or `npm audit` for details
  2. npm audit fix
     fixed 0 of 1 vulnerability in 144 scanned packages
     1 vulnerability required manual review and could not be updated
  3. npm audit
     High            Prototype Pollution
     Package         dot-prop
     Patched in      >=5.1.1
     Dependency of   ndb [dev]
     Path            ndb > update-notifier > configstore > dot-prop
     More info       https://npmjs.com/advisories/1213

What is the expected result?
Ndb would install without a problem.

What happens instead?
I got a scary-looking vulnerability alert from npm.

I wanted to know if there was a patch for the vulnerability or if it was just overlooked somehow. I would also like to know what workarounds I can use at the current time.
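A way to see which copies of dot-prop a lockfile actually pins, checked against the ">=5.1.1" floor from the audit output above. This is an added example, not part of the original issue or the ndb project; it assumes an npm 6 style package-lock.json (nested "dependencies" maps), and findCopies, isBelow and the sample lockfile are constructed for illustration.

```javascript
// Added example: locate every installed copy of a package in an npm 6 style
// package-lock.json and compare its version with a patched floor.

// Parse "x.y.z" into numbers, ignoring any prerelease/build suffix.
function parseVersion(v) {
  return v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
}

// True when version a is lower than version b.
function isBelow(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if ((x[i] || 0) !== (y[i] || 0)) return (x[i] || 0) < (y[i] || 0);
  }
  return false;
}

// Walk the nested "dependencies" maps; record where `name` is installed and
// which packages list it under "requires".
function findCopies(lock, name, patchedFrom) {
  const copies = [];
  const requiredBy = new Set();
  const owns = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  (function walk(deps, trail) {
    for (const [pkg, info] of Object.entries(deps || {})) {
      const here = trail.concat(pkg);
      if (info.requires && owns(info.requires, name)) requiredBy.add(pkg);
      if (pkg === name) {
        copies.push({ location: here.join(' > '), version: info.version,
                      vulnerable: isBelow(info.version, patchedFrom) });
      }
      walk(info.dependencies, here);
    }
  })(lock.dependencies, []);
  return { copies, requiredBy: [...requiredBy].sort() };
}

// Constructed sample lockfile; versions and ranges are made up, not from the issue.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    configstore: { version: '3.1.2', requires: { 'dot-prop': '^4.1.0' } },
    'dot-prop': { version: '4.2.0', dev: true },
    'other-tool': { version: '1.0.0', requires: { 'dot-prop': '^5.1.1' },
      dependencies: { 'dot-prop': { version: '5.2.0' } } },
  },
};

const report = findCopies(sampleLock, 'dot-prop', '5.1.1');
console.log(JSON.stringify(report, null, 2));
```

The "location" field is where the copy sits in the lockfile tree, which after hoisting can differ from the logical path that npm audit prints.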
