
Does Detox 20.x rely on malicious package? #4015

Closed
1 task done
cristalsnow opened this issue Apr 17, 2023 · 2 comments

Comments

@cristalsnow

cristalsnow commented Apr 17, 2023

What happened?

Hi!
I have updated Detox version to 20.7.0.

When I add a Detox 20+ version to the project, the node-ipc (9.2.1) package is installed as well.

Some versions (>=10.1.1 <10.1.3) of the node-ipc package are reported to be malicious:

https://security.snyk.io/vuln/SNYK-JS-NODEIPC-2426370
https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/

Could you confirm that you are aware of this issue?

What was the expected behaviour?

No response

Was it tested on latest Detox?

  • I have tested this issue on the latest Detox release and it still reproduces.

Help us reproduce this issue!

Upgrade Detox to the latest version, for example 20.7

In what environment did this happen?

Detox version: 20.7.0
React Native version: 0.70.6
Has Fabric (React Native's new rendering system) enabled: no
Node version: 14 or above
Test-runner (select one): jest

Detox logs

paste logs here!

Device logs

paste logs here!

More data, please!

No response

@cristalsnow cristalsnow changed the title Does Detox 20.x relies on malicious package? Does Detox 20.x rely on malicious package? Apr 17, 2023
@asafkorem
Contributor

asafkorem commented Apr 18, 2023

Thanks for the report @cristalsnow, we will check that

@noomorph
Collaborator

We use the 9.x version without the "side effects". Nevertheless, we thought it would be a good idea to freeze the version (#4019) to a guaranteed-safe one to address any hypothetical inquiries in the future. Marking this as resolved.
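The check behind this thread, for both the reporter's question (is the installed node-ipc inside the advisory range >=10.1.1 <10.1.3?) and the maintainers' answer (the pinned 9.x copy is outside it), is a lockfile scan. The following is an added example, not code from the Detox project or from anyone in this issue: it walks the `packages` map of a lockfileVersion 2/3 `package-lock.json` and reports every copy of a package, including nested transitive copies, whose version satisfies an advisory's affected range. The function names (`findAffected`, `satisfiesRange`, `compareVersions`), the advisory list and the sample lockfile are assumptions constructed for the example; the advisory id and range are the ones cited in the report.

```javascript
// Added example (not part of Detox or this issue): flag lockfile entries
// whose version falls inside an advisory's affected range.

// Minimal semver parser: "MAJOR.MINOR.PATCH" (pre-release/build tags ignored).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v.trim().replace(/^v/, ""));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Returns -1, 0 or 1 like a comparator, comparing major, then minor, then patch.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// A range is a space-separated list of comparators such as ">=10.1.1 <10.1.3";
// every comparator must hold (AND semantics, as in npm's simple ranges).
function satisfiesRange(version, range) {
  return range.trim().split(/\s+/).every((cmp) => {
    const m = /^(>=|<=|>|<|=)?(.+)$/.exec(cmp);
    const op = m[1] || "=";
    const c = compareVersions(version, m[2]);
    switch (op) {
      case ">=": return c >= 0;
      case "<=": return c <= 0;
      case ">":  return c > 0;
      case "<":  return c < 0;
      default:   return c === 0;
    }
  });
}

// Walk the "packages" map of a v2/v3 lockfile. Keys are node_modules paths,
// so a nested key like "node_modules/a/node_modules/node-ipc" is a second,
// independently versioned copy that a package.json-only check would miss.
function findAffected(lockfile, advisories) {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (!path || !entry.version) continue; // "" is the root project itself
    const marker = "node_modules/";
    const name = entry.name || path.slice(path.lastIndexOf(marker) + marker.length);
    for (const adv of advisories) {
      if (name === adv.name && satisfiesRange(entry.version, adv.affected)) {
        hits.push({ path, name, version: entry.version, advisory: adv.id });
      }
    }
  }
  return hits;
}

// Constructed sample lockfile: one safe 9.x copy (the version Detox pins) and a
// nested affected copy pulled in by a hypothetical other dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/node-ipc": { version: "9.2.1" },
    "node_modules/some-tool": { version: "2.0.0" },
    "node_modules/some-tool/node_modules/node-ipc": { version: "10.1.2" },
  },
};

// Advisory data as cited in the report; the range is the one Snyk lists.
const ADVISORIES = [
  { id: "SNYK-JS-NODEIPC-2426370", name: "node-ipc", affected: ">=10.1.1 <10.1.3" },
];

console.log(JSON.stringify(findAffected(SAMPLE_LOCK, ADVISORIES), null, 2));
```

Against the constructed lockfile the scan reports only the nested 10.1.2 copy; the top-level 9.2.1 entry is outside the range, which is the situation the maintainers describe. To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; scanning the lockfile rather than `package.json` is the point, because the transitive copy is what actually gets installed.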
