
Found vulnerabilities - 4 high, 1 critical #3

@hellfireSteve


I tried this using npm. The command npm install produced a bunch of error messages:

npm WARN deprecated [email protected]: If using 2.x branch, please upgrade to at least 2.1.6 to avoid a serious bug with socket data flow and an import issue introduced in 2.1.0

[email protected] install C:\Users\SStaple\Downloads\typescript-nightwatch-example-master\typescript-nightwatch-example-master\node_modules\husky
node ./bin/install.js

husky
setting up Git hooks
can't find .git directory, skipping Git hooks installation
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN [email protected] No repository field.

added 229 packages from 518 contributors and audited 378 packages in 9.788s
found 14 vulnerabilities (9 low, 4 high, 1 critical)
run npm audit fix to fix them, or npm audit for details

I ran npm audit fix as suggested. Got more error messages:

npm WARN [email protected] No repository field.

added 2 packages from 2 contributors and updated 2 packages in 1.261s
fixed 1 of 14 vulnerabilities in 378 scanned packages
1 package update for 13 vulns involved breaking changes
(use npm audit fix --force to install breaking changes; or refer to npm audit for steps to fix these manually)

Finally, ran npm audit to list the problems. This looks alarming!

=== npm audit security report ===

Run npm install [email protected] to resolve 6 vulnerabilities

SEMVER WARNING: Recommended action is a potentially breaking change

Low Regular Expression Denial of Service
Package debug
Dependency of nightwatch
Path nightwatch > mocha-nightwatch > debug
More info https://nodesecurity.io/advisories/534

Critical Command Injection
Package growl
Dependency of nightwatch
Path nightwatch > mocha-nightwatch > growl
More info https://nodesecurity.io/advisories/146

High Denial of Service
Package http-proxy-agent
Dependency of nightwatch
Path nightwatch > proxy-agent > http-proxy-agent
More info https://nodesecurity.io/advisories/607

High Denial of Service
Package http-proxy-agent
Dependency of nightwatch
Path nightwatch > proxy-agent > pac-proxy-agent > http-proxy-agent
More info https://nodesecurity.io/advisories/607

High Denial of Service
Package https-proxy-agent
Dependency of nightwatch
Path nightwatch > proxy-agent > https-proxy-agent
More info https://nodesecurity.io/advisories/593

High Denial of Service
Package https-proxy-agent
Dependency of nightwatch
Path nightwatch > proxy-agent > pac-proxy-agent > https-proxy-agent
More info https://nodesecurity.io/advisories/593

found 6 vulnerabilities (1 low, 4 high, 1 critical) in 378 scanned packages
6 vulnerabilities require semver-major dependency updates.
