
[Security] Don't use this library #7

TheBlusky opened this Issue Nov 27, 2018 · 2 comments



TheBlusky commented Nov 27, 2018

This library has many security flaws.

Author has been contacted to see how to handle it.

I'll give details about the issue when it is corrected.

In the meantime, I advise you not to use it / disable it if used in production.



valassis-nick commented Dec 6, 2018

Considering how this project seems to be abandoned, and there have been no pushes to the repository in almost 2 years, you're better serving the community by either:

- Documenting the flaws openly in this issue so that potential users can make their own determinations about whether or not to use the library.
- Forking and making the corrections yourself and linking them to this issue.

I don't think being dramatic and secretive helps anyone.



TheBlusky commented Dec 7, 2018

I am neither dramatic nor secretive. You're right, this project is old and seems unmaintained, however, it is still used (you can check it directly on GitHub or npm), and I don't want to cause them any problem.
