You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Aloha , I am trying to run npm install on my ubuntu 18.4 latptop but i always get these same errors. I run npm audit : ┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Insecure Credential Storage │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ web3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @truffle/hdwallet-provider │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @truffle/hdwallet-provider > web3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/877 │
└───────────────┴──────────────────────────────────────
│ High │ Arbitrary File Write │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ decompress │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @truffle/hdwallet-provider │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @truffle/hdwallet-provider > web3 > web3-bzz > swarm-js > │
│ │ decompress │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1217
i click the links to the npm site and i get this: All versions of decompress are vulnerable to Arbitrary File Write. The package fails to prevent extraction of files with relative paths, allowing attackers to write to any folder in the system by including filenames containing../. | No fix is currently available. Consider using an alternative module until a fix is made available.No fix is currently available. Consider using an alternative module until a fix is made available.
what can i do to fix all this ?
The text was updated successfully, but these errors were encountered:
Hi there, that is an issue with @truffle/hdwallet-provider package being used. I may need to investigate it further.
However in the meantime it should be fine, as you're running this on your local machine and hdwallet-provider is only used for deployment on mainnet.
You should still be able to run the project even with those security errors.
Aloha , I am trying to run npm install on my ubuntu 18.4 latptop but i always get these same errors. I run npm audit : ┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Insecure Credential Storage │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ web3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @truffle/hdwallet-provider │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @truffle/hdwallet-provider > web3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/877 │
└───────────────┴──────────────────────────────────────
│ High │ Arbitrary File Write │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ decompress │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @truffle/hdwallet-provider │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @truffle/hdwallet-provider > web3 > web3-bzz > swarm-js > │
│ │ decompress │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1217
i click the links to the npm site and i get this: All versions of decompress are vulnerable to Arbitrary File Write. The package fails to prevent extraction of files with relative paths, allowing attackers to write to any folder in the system by including filenames containing../. | No fix is currently available. Consider using an alternative module until a fix is made available.No fix is currently available. Consider using an alternative module until a fix is made available.
what can i do to fix all this ?
The text was updated successfully, but these errors were encountered: