Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npm audit report 29 vulnerabilities #2088

Closed
loynoir opened this issue May 28, 2021 · 1 comment
Closed

npm audit report 29 vulnerabilities #2088

loynoir opened this issue May 28, 2021 · 1 comment

Comments

@loynoir
Copy link

loynoir commented May 28, 2021
edited

Steps to reproduce

Prepare

git clone https://github.com/jquery/esprima .
npm install
npm audit

Expected output

found 0 vulnerabilities

Actual output

29 vulnerabilities (11 low, 8 moderate, 7 high, 3 critical)

Relevant references
@loynoir loynoir mentioned this issue May 28, 2021
Open
@ariya
Copy link
Contributor

ariya commented Jun 11, 2021

Thank you for the checks @loynoir!

These are all transitive dependencies of the devDependencies, i.e. the tools used for development. They are not affecting the run-time safety of Esprima (when being used a library). Any PRs to update/improve those tools are always welcomed.

I'm closing this for now unless there is a strong evident that the run-time behavior of Esprima is affected.

@ariya ariya closed this as completed Jun 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ariya @loynoir