You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[Security Vulnerability] One of your dependencies has a dependency which has been flagged as having a security vulnerability (according to nodesecurity.io)
#438
Closed
chase2981 opened this issue
Mar 27, 2018
· 1 comment
· Fixed by #440
Recreation Steps:
First run npm i nsp then run npx nsp check in any project that has any version of tailwindcss installed, and you will receive the error
Recommendations:
Add the nodesecurity.io badge to your README.md so that your dependencies stay secure
I was hoping you guys could please correct this? Thank you.
The text was updated successfully, but these errors were encountered:
According to nodesecurity.io, your guys' tailwindcss package is dependent on a package with a security vulnerability, as shown below.
(+) 1 vulnerability found
┌────────────┬────────────────────────────────────────────────────────────────────┐
│ │ Prototype pollution attack │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Name │ hoek │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ CVSS │ 4 (Medium) │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Installed │ 2.16.3 │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Vulnerable │ <= 4.2.0 || >= 5.0.0 < 5.0.3 │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Patched │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ Path │ my-project@0.0.0 > tailwindcss@0.5.1 > nodemon@1.17.2 > │
│ │ chokidar@2.0.3 > fsevents@1.1.3 > node-pre-gyp@0.6.39 > hawk@3.1.3 │
│ │ > hoek@2.16.3 │
├────────────┼────────────────────────────────────────────────────────────────────┤
│ More Info │ https://nodesecurity.io/advisories/566 │
└────────────┴────────────────────────────────────────────────────────────────────┘
Recreation Steps:
First run
npm i nsp
then runnpx nsp check
in any project that has any version of tailwindcss installed, and you will receive the errorRecommendations:
Add the nodesecurity.io badge to your README.md so that your dependencies stay secure
I was hoping you guys could please correct this? Thank you.
The text was updated successfully, but these errors were encountered: