vscode NPM module: Vulnerability alert for hoek < 5.0.3 #48783
Steps to Reproduce:
Does this issue occur when all extensions are disabled?: Yes (N/A)
I'm not sure if this can be solved without third-party buy-in from the following (
My plugin paste-escaped shows the GitHub report
It is likely vscode itself has not been notified due to the use of yarn vs. npm, thus a different lockfile format.
I took @charmeem's idea a step further and it doesn't seem to have impacted anything. So I did
Once again, I am not sure of the impact on this as I was still able to run my code and everything like that. I just mainly wanted to stop the notifications from GitHub on my older projects.
@TizioFittizio just keep in mind that it removes hoek from your package-lock.json. However, some other stuff will have it as a dependency for later version... I think I saw one that had a dependency of hoek 2.2. But like I said, I'm not entirely sure what it's used for as my app was still able to run just fine.