New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

'Insecure' tag shown but no vulnerabilities #215

Open

mwri opened this issue Feb 13, 2018 · 1 comment

mwri commented Feb 13, 2018

'Insecure' tags are being applied to some packages which do not have any apparent vulnerabilities.

For example lostofs currently has a red 'insecure' tag, see first result from the npms.io search.

Hovering over the tag it says:

Package [email protected] has 3 vulnerabilities. For more details, check against nodesecurity.io.

However, following the link to nodesecurity.io it says there are none:

There are no known vulnerabilities for lostofs@latest or any of its dependencies.

TiagoDanin commented Feb 26, 2018

Same with my packages (unsplash-source-node and ttgram)
https://npms.io/search?q=author%3Atiagodanin

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment