You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hey, thanks for notifying me about this. That security report on sonatype is a false positive and this is not a security vulnerability in ShellJS. Please see the statement I made here and here.
shell.exec() is designed to allow arbitrary command execution. It is the responsibility of the caller to use shell.exec() responsibly and to sanitize user inputs.
Node version (or tell us if you're using electron or some other framework):
v. 16.14.0
ShellJS version (the most recent version/Github branch you see the bug on):
0.8.4, 0.8.5
Operating system:
windows
Description of the bug:
npm package usage blocked by vulnerability provider Sonatype OSS Index
https://ossindex.sonatype.org/vulnerability/sonatype-2014-0038?component-type=npm&component-name=shelljs&utm_source=proget&utm_medium=integration&utm_content=22.0.9.2
The text was updated successfully, but these errors were encountered: