dot-prop 4.2.0 installs with nodejs 14 creating security issue #34708
Labels
npm
Issues and PRs related to the npm client dependency or the npm registry.
wrong repo
Issues that should be opened in another repository.
Comments
|
The .deb isn't maintained by us, but by nodesource. What's more, npm isn't maintained by us either, only distributed. It's its own project. Can you report your issue over at https://npm.community/? Thanks. |
bnoordhuis
added
npm
|
@bnoordhuis |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version:
v14.7.0Platform: Linux 359fde9c186f 5.3.0-1019-aws #21~18.04.1-Ubuntu SMP Mon May 11 12:33:03 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Subsystem: dot-prop
What steps will reproduce the bug?
curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -
sudo apt-get install -y nodejs
Installs dot-prop 4.2.0 in /usr/lib/node_modules/npm/node_modules/dot-prop
https://www.npmjs.com/advisories/1213
How often does it reproduce? Is there a required condition?
Every time nodejs installs
What is the expected behavior?
dot-prop >=5.1.1 should install
The text was updated successfully, but these errors were encountered: