prototype pollution issues in npm audit log #256

Closed
aghArdeshir opened this issue May 23, 2018 · 4 comments

@aghArdeshir

Hi!
I've recently been experimenting with npm audit, and on all of my projects I get some vulnerabilities related to hoek, with the threat being prototype pollution. Actually, I'm not familiar with hoek and the way it works!
So I just opened an issue!

Is manipulating prototypes the way hoek does things, and if so, is it gonna change in the near future?

And let's suppose I (or some other contributor) want to do things so that his/her npm audit returns clean results: should the actions be taken on the hoek repo, the node-sass repo, or other repos using hoek (boom, hawk, request, cryptiles, sntp)?

Thanks!

@aghArdeshir changed the title from "prototype pollution issues in on npm audit log" to "prototype pollution issues on npm audit log" on May 23, 2018
@aghArdeshir changed the title from "prototype pollution issues on npm audit log" to "prototype pollution issues in npm audit log" on May 23, 2018
@WesTyler

This has already been patched and released by Hoek, and hawk has already been removed from request.

It has also been discussed in many many issues here. "Main" thread: #247

@WesTyler added the "non issue" label (Issue is not a problem or requires changes) on May 23, 2018
@WesTyler self-assigned this on May 23, 2018
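
To see which installed packages pull hoek into a project, and so where an update has to land, the chains can be read from the lock file. This is an added example, not code from the thread or from any project named in it; it assumes an npm lockfileVersion 1 `package-lock.json` with `requires` maps, and the sample data (dependency edges and version strings) is constructed.

```javascript
// Constructed sample in the shape of an npm lockfileVersion 1 package-lock.json.
// Package names come from the thread; edges and version strings are made up.
const sampleLock = { dependencies: {
  'node-sass': { version: '0.0.1-sample', requires: { request: '*' } },
  request: { version: '0.0.2-sample', requires: { hawk: '*' } },
  hawk: { version: '0.0.3-sample',
    requires: { hoek: '*', boom: '*', cryptiles: '*', sntp: '*' } },
  boom: { version: '0.0.4-sample', requires: { hoek: '*' } },
  cryptiles: { version: '0.0.5-sample', requires: { boom: '*' } },
  // sntp carries its own nested hoek, separate from the hoisted copy
  sntp: { version: '0.0.6-sample', requires: { hoek: '*' },
    dependencies: { hoek: { version: '0.0.8-sample' } } },
  hoek: { version: '0.0.7-sample' },
} };

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Resolve a required name like Node does: innermost node_modules scope first.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    if (own(scopes[i], name)) {
      return { entry: scopes[i][name], scopes: scopes.slice(0, i + 1) };
    }
  }
  return null; // not installed (for example an optional dependency)
}

// List every chain from the direct dependencies down to `target`.
function findChains(lock, direct, target) {
  const chains = [];
  const walk = (name, scopes, path) => {
    const hit = resolve(name, scopes);
    if (!hit || path.includes(name)) return; // missing entry or cycle
    const here = path.concat(name);
    if (name === target) {
      chains.push(here.join(' > ') + '@' + hit.entry.version);
      return;
    }
    const nested = hit.entry.dependencies;
    const inner = nested ? hit.scopes.concat([nested]) : hit.scopes;
    for (const dep of Object.keys(hit.entry.requires || {})) walk(dep, inner, here);
  };
  for (const name of direct) walk(name, [lock.dependencies || {}], []);
  return chains;
}

// Distinct installed copies of the target; each must be a patched release.
function resolvedVersions(chains) {
  return [...new Set(chains.map((c) => c.slice(c.lastIndexOf('@') + 1)))].sort();
}
```

For a real project, pass the parsed `package-lock.json` as `lock` and the dependency names from `package.json` as `direct`; every distinct version returned by `resolvedVersions` is a separate installed copy to check.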
@aghArdeshir

Oops! So I think sorry for this :)

@WesTyler

No worries :) Not the first, won't be the last issue on this.

@lock
lock bot commented Jan 9, 2020

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.

lock bot locked this issue as resolved and limited conversation to collaborators on Jan 9, 2020