Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

a critical vulnerable reported during the npm #1182

Open
tunerji opened this issue Feb 17, 2024 · 1 comment
Open

a critical vulnerable reported during the npm #1182

tunerji opened this issue Feb 17, 2024 · 1 comment

Comments

@tunerji
Copy link

tunerji commented Feb 17, 2024

npm audit fix
npm WARN audit fix [email protected] node_modules/bsock
npm WARN audit fix [email protected] is a bundled dependency of
npm WARN audit fix [email protected] [email protected] at
npm WARN audit fix [email protected] It cannot be fixed automatically.
npm WARN audit fix [email protected] Check for updates to the bcoin package.
npm WARN audit fix [email protected] node_modules/bweb
npm WARN audit fix [email protected] is a bundled dependency of
npm WARN audit fix [email protected] [email protected] at
npm WARN audit fix [email protected] It cannot be fixed automatically.
npm WARN audit fix [email protected] Check for updates to the bcoin package.
npm WARN audit fix [email protected] node_modules/bcurl
npm WARN audit fix [email protected] is a bundled dependency of
npm WARN audit fix [email protected] [email protected] at
npm WARN audit fix [email protected] It cannot be fixed automatically.
npm WARN audit fix [email protected] Check for updates to the bcoin package.

up to date, audited 31 packages in 6s

npm audit report

bsock *
Severity: critical
bsock uses weak hashing algorithms - GHSA-jj93-39pf-7mcf
No fix available
node_modules/bsock
bcurl >=0.0.1
Depends on vulnerable versions of bsock
node_modules/bcurl
bweb >=0.0.1
Depends on vulnerable versions of bsock
node_modules/bweb

3 critical severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

@scienmanas
Copy link

I would like to work on this, can you assign this to me

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants