2 Vulnerabilities Found: Prototype pollution attack #432
Comments
npm audit reported 80 vulnerabilities with npm-check-updates v2.14.2 for me. This is the output: audit.txt
I ran
@NetOperatorWibby I have had to focus on other projects recently. Unfortunately nobody else has contributed in a long time.
@raineorshine I'm currently working on a fork and refactoring.
@NetOperatorWibby Wonderful. It would be so great to incorporate your changes back into the source.
@raineorshine Seems like people have been trying to help via PRs but nothing's merged.
@NetOperatorWibby A few PRs over the last 3 years. The unmerged PRs are either waiting for the v3 milestone or needed additional work.
I've abandoned my fork and started using https://www.npmjs.com/package/updates. It has fewer dependencies and similar usage. Still,
Expected behaviour
(+) No known vulnerabilities found
Actual behaviour
(+) 2 vulnerabilities found
Prototype pollution attack
More Info │ https://nodesecurity.io/advisories/566
Steps to reproduce
1. `nsp`: `npm i -g nsp`
2. `cd` into the `npm-check-updates` module folder: `cd [...]/.nvm/versions/node/v8.11.1/lib/node_modules/npm-check-updates`
3. `nsp check`