
NPM IP package incorrectly identifies some private IP addresses as public #147

Closed
netra-patwari opened this issue Mar 7, 2024 · 4 comments

Comments

@netra-patwari

netrapatwari@netras-Air n % npm i

up to date, audited 915 packages in 1s

121 packages are looking for funding
run npm fund for details

1 moderate severity vulnerability

To address all issues, run:
npm audit fix

Run npm audit for details.

netrapatwari@netras-Air n % npm audit

npm audit report

ip 2.0.0
Severity: moderate
NPM IP package incorrectly identifies some private IP addresses as public - GHSA-78xj-cgh5-2h22
fix available via npm audit fix
node_modules/npm/node_modules/ip

1 moderate severity vulnerability

To address all issues, run:
npm audit fix
netrapatwari@netras-Air n %

netrapatwari@netras-Air n % npm audit fix
npm WARN audit fix ip@2.0.0 node_modules/npm/node_modules/ip
npm WARN audit fix ip@2.0.0 is a bundled dependency of
npm WARN audit fix ip@2.0.0 npm@10.2.4 at node_modules/npm
npm WARN audit fix ip@2.0.0 It cannot be fixed automatically.
npm WARN audit fix ip@2.0.0 Check for updates to the npm package.

up to date, audited 915 packages in 2s

121 packages are looking for funding
run npm fund for details

npm audit report

ip 2.0.0
Severity: moderate
NPM IP package incorrectly identifies some private IP addresses as public - GHSA-78xj-cgh5-2h22
fix available via npm audit fix
node_modules/npm/node_modules/ip

1 moderate severity vulnerability

To address all issues, run:
npm audit fix

niikoo commented Mar 28, 2024

I got the same issue. It tells me that a fix is available, but npm audit fix does nothing.

slmoore commented Apr 8, 2024

See my other comment, this is resolved -

Hey @netra-patwari ! I'm seeing the same issue as @niikoo .

I'm finding that running npm audit fix is still installing 2.0.0 instead of 2.0.1. I tried overrides and installing the latest version as a direct dependency of my application, but 2.0.0 is still being installed.

I'm running node v20.11.1 and npm v10.2.4

    "node_modules/npm/node_modules/ip": {
      "version": "2.0.0",  <----
      "dev": true,
      "inBundle": true,
      "license": "MIT"
    },

slmoore commented Apr 10, 2024

Update! I found a separate dependency was installing the outdated version of ip. I've reached out to that repo's maintainers to resolve this issue. @niikoo or if anyone else is experiencing this issue, check that another of your dependencies is not depending on an older version of ip.
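The check slmoore describes, finding which dependency still pulls in an old copy of ip, can be done directly against package-lock.json. The script below is an added example, not code from this issue thread or from the ip project: it walks the lockfile's "packages" map (lockfileVersion 2 or 3), lists every installed copy of a package, the parent package it sits under, whether it is bundled (which is why npm audit fix could not replace the copy under node_modules/npm above), and whether its version is below a given fixed version. The embedded lock data is constructed for the example; the dependency name some-lib is a placeholder, and 2.0.1 is the version the thread says npm audit fix should have installed.

```javascript
// Added example (not from the issue or the ip project): locate every installed
// copy of a package in an npm lockfile and report where it comes from.

// Minimal "major.minor.patch" comparison; prerelease tags are not handled.
function versionLessThan(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Walk lock.packages and collect each copy of `name`.
// Returns [{ path, version, bundled, parent, outdated }].
function findInstalledCopies(lock, name, fixedVersion) {
  const results = [];
  const packages = lock.packages || {};
  const suffix = "node_modules/" + name;
  for (const [path, meta] of Object.entries(packages)) {
    // Match "node_modules/<name>" at the root or nested under another package,
    // but not unrelated names such as "node_modules/<name>-something".
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    // The parent is the nearest enclosing package path ("" is the root project).
    const parentPath = path.slice(0, path.length - suffix.length).replace(/\/$/, "");
    const parent = parentPath === "" ? "(root project)" : parentPath.split("node_modules/").pop();
    results.push({
      path,
      version: meta.version,
      bundled: Boolean(meta.inBundle), // bundled copies are shipped inside the parent tarball
      parent,
      outdated: versionLessThan(meta.version, fixedVersion),
    });
  }
  return results;
}

// Read a real lockfile from disk and run the same check.
function reportFromFile(lockPath, name, fixedVersion) {
  const fs = require("fs");
  const lock = JSON.parse(fs.readFileSync(lockPath, "utf8"));
  return findInstalledCopies(lock, name, fixedVersion);
}

// Constructed sample lockfile: one fixed root copy, one bundled copy under npm
// (as in the thread), and one old copy pulled in by a placeholder dependency.
const sampleLock = {
  name: "example-app",
  lockfileVersion: 3,
  requires: true,
  packages: {
    "": { name: "example-app", version: "1.0.0", devDependencies: { npm: "^10.2.4" } },
    "node_modules/ip": { version: "2.0.1", license: "MIT" },
    "node_modules/npm": { version: "10.2.4", dev: true, license: "Artistic-2.0" },
    "node_modules/npm/node_modules/ip": { version: "2.0.0", dev: true, inBundle: true, license: "MIT" },
    "node_modules/some-lib": { version: "1.2.3", dependencies: { ip: "~1.1.0" } }, // placeholder name
    "node_modules/some-lib/node_modules/ip": { version: "1.1.8", license: "MIT" },
  },
};

if (typeof require !== "undefined" && typeof module !== "undefined" && require.main === module) {
  // Usage: node find-ip-copies.js [path/to/package-lock.json]
  const copies = process.argv[2]
    ? reportFromFile(process.argv[2], "ip", "2.0.1")
    : findInstalledCopies(sampleLock, "ip", "2.0.1");
  for (const c of copies) {
    const note = c.bundled ? " (bundled: npm audit fix cannot replace it)" : "";
    console.log(`${c.path}\t${c.version}\t${c.outdated ? "OUTDATED" : "ok"}\tvia ${c.parent}${note}`);
  }
}
```

Run without arguments it reports on the constructed data; pass the path of a real package-lock.json to check an actual project. A copy marked bundled has to be fixed by updating the parent package (here npm itself), and a copy under another dependency has to be fixed by that dependency's maintainers or by an override, which matches what the thread found.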

@someonestolemyusername

Why are people asking for help on how to use npm audit on this repo?
