=== npm audit security report ===

# Run npm install --save-dev mocha@6.2.2 to resolve 2 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change

Critical      | Command Injection
Package       | growl
Dependency of | mocha [dev]
Path          | mocha > growl
More info     | https://npmjs.com/advisories/146

Low           | Regular Expression Denial of Service
Package       | debug
Dependency of | mocha [dev]
Path          | mocha > debug
More info     | https://npmjs.com/advisories/534

# Run npm install socket.io@2.3.0 to resolve 8 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change

Low           | Regular Expression Denial of Service
Package       | debug
Dependency of | socket.io
Path          | socket.io > debug
More info     | https://npmjs.com/advisories/534

Low           | Regular Expression Denial of Service
Package       | debug
Dependency of | socket.io
Path          | socket.io > engine.io > debug
More info     | https://npmjs.com/advisories/534

Low           | Regular Expression Denial of Service
Package       | debug
Dependency of | socket.io
Path          | socket.io > socket.io-adapter > debug
More info     | https://npmjs.com/advisories/534

Low           | Regular Expression Denial of Service
Package       | debug
Dependency of | socket.io
Path          | socket.io > socket.io-client > debug
More info     | https://npmjs.com/advisories/534

Low           | Regular Expression Denial of Service
Package       | debug
Dependency of | socket.io
Path          | socket.io > socket.io-client > engine.io-client > debug
More info     | https://npmjs.com/advisories/534

Low           | Regular Expression Denial of Service
Package       | debug
Dependency of | socket.io
Path          | socket.io > socket.io-adapter > socket.io-parser > debug
More info     | https://npmjs.com/advisories/534

Low           | Regular Expression Denial of Service
Package       | debug
Dependency of | socket.io
Path          | socket.io > socket.io-client > socket.io-parser > debug
More info     | https://npmjs.com/advisories/534

Low           | Regular Expression Denial of Service
Package       | debug
Dependency of | socket.io
Path          | socket.io > socket.io-parser > debug
More info     | https://npmjs.com/advisories/534

# Run npm install npm@6.13.0 to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change

Moderate      | Memory Exposure
Package       | tunnel-agent
Dependency of | npm
Path          | npm > request > tunnel-agent
More info     | https://npmjs.com/advisories/598

# Run npm install knex@0.20.2 to resolve 1 vulnerability

Low           | Regular Expression Denial of Service
Package       | braces
Dependency of | knex
Path          | knex > liftoff > findup-sync > micromatch > braces
More info     | https://npmjs.com/advisories/786

# Run npm update brace-expansion --depth 8 to resolve 17 vulnerabilities

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > fs-vacuum > rimraf > glob > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > fstream > rimraf > glob > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > fstream-npm > fstream-ignore > fstream > rimraf > glob > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > node-gyp > fstream > rimraf > glob > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > node-gyp > tar > fstream > rimraf > glob > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > tar > fstream > rimraf > glob > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > node-gyp > rimraf > glob > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > rimraf > glob > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > glob > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > node-gyp > glob > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > fstream-npm > fstream-ignore > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > init-package-json > glob > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > init-package-json > read-package-json > glob > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > read-installed > read-package-json > glob > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > read-package-json > glob > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

Moderate      | ReDoS
Package       | brace-expansion
Dependency of | npm
Path          | npm > node-gyp > minimatch > brace-expansion
More info     | https://npmjs.com/advisories/338

# Run npm update tough-cookie --depth 4 to resolve 3 vulnerabilities

High          | Regular Expression Denial of Service
Package       | tough-cookie
Dependency of | npm
Path          | npm > node-gyp > request > tough-cookie
More info     | https://npmjs.com/advisories/525

High          | Regular Expression Denial of Service
Package       | tough-cookie
Dependency of | npm
Path          | npm > npm-registry-client > request > tough-cookie
More info     | https://npmjs.com/advisories/525

High          | Regular Expression Denial of Service
Package       | tough-cookie
Dependency of | npm
Path          | npm > request > tough-cookie
More info     | https://npmjs.com/advisories/525

# Run npm update is-my-json-valid --depth 5 to resolve 3 vulnerabilities

Low           | Regular Expression Denial of Service
Package       | is-my-json-valid
Dependency of | npm
Path          | npm > node-gyp > request > har-validator > is-my-json-valid
More info     | https://npmjs.com/advisories/572

Low           | Regular Expression Denial of Service
Package       | is-my-json-valid
Dependency of | npm
Path          | npm > npm-registry-client > request > har-validator > is-my-json-valid
More info     | https://npmjs.com/advisories/572

Low           | Regular Expression Denial of Service
Package       | is-my-json-valid
Dependency of | npm
Path          | npm > request > har-validator > is-my-json-valid
More info     | https://npmjs.com/advisories/572

# Run npm update node-gyp --depth 2 to resolve 1 vulnerability

Moderate      | Memory Exposure
Package       | tunnel-agent
Dependency of | npm
Path          | npm > node-gyp > request > tunnel-agent
More info     | https://npmjs.com/advisories/598

# Run npm update request --depth 3 to resolve 1 vulnerability

Moderate      | Memory Exposure
Package       | tunnel-agent
Dependency of | npm
Path          | npm > npm-registry-client > request > tunnel-agent
More info     | https://npmjs.com/advisories/598

# Run npm update sshpk --depth 5 to resolve 3 vulnerabilities

High          | Regular Expression Denial of Service
Package       | sshpk
Dependency of | npm
Path          | npm > node-gyp > request > http-signature > sshpk
More info     | https://npmjs.com/advisories/606

High          | Regular Expression Denial of Service
Package       | sshpk
Dependency of | npm
Path          | npm > npm-registry-client > request > http-signature > sshpk
More info     | https://npmjs.com/advisories/606

High          | Regular Expression Denial of Service
Package       | sshpk
Dependency of | npm
Path          | npm > request > http-signature > sshpk
More info     | https://npmjs.com/advisories/606

# Run npm update stringstream --depth 4 to resolve 3 vulnerabilities

Moderate      | Out-of-bounds Read
Package       | stringstream
Dependency of | npm
Path          | npm > node-gyp > request > stringstream
More info     | https://npmjs.com/advisories/664

Moderate      | Out-of-bounds Read
Package       | stringstream
Dependency of | npm
Path          | npm > npm-registry-client > request > stringstream
More info     | https://npmjs.com/advisories/664

Moderate      | Out-of-bounds Read
Package       | stringstream
Dependency of | npm
Path          | npm > request > stringstream
More info     | https://npmjs.com/advisories/664

# Run npm update tar --depth 3 to resolve 2 vulnerabilities

High          | Arbitrary File Overwrite
Package       | tar
Dependency of | npm
Path          | npm > node-gyp > tar
More info     | https://npmjs.com/advisories/803

High          | Arbitrary File Overwrite
Package       | tar
Dependency of | npm
Path          | npm > tar
More info     | https://npmjs.com/advisories/803

# Run npm update fstream --depth 4 to resolve 5 vulnerabilities

High          | Arbitrary File Overwrite
Package       | fstream
Dependency of | npm
Path          | npm > fstream
More info     | https://npmjs.com/advisories/886

High          | Arbitrary File Overwrite
Package       | fstream
Dependency of | npm
Path          | npm > fstream-npm > fstream-ignore > fstream
More info     | https://npmjs.com/advisories/886

High          | Arbitrary File Overwrite
Package       | fstream
Dependency of | npm
Path          | npm > node-gyp > fstream
More info     | https://npmjs.com/advisories/886

High          | Arbitrary File Overwrite
Package       | fstream
Dependency of | npm
Path          | npm > node-gyp > tar > fstream
More info     | https://npmjs.com/advisories/886

High          | Arbitrary File Overwrite
Package       | fstream
Dependency of | npm
Path          | npm > tar > fstream
More info     | https://npmjs.com/advisories/886

# Run npm update extend --depth 4 to resolve 3 vulnerabilities

Moderate      | Prototype Pollution
Package       | extend
Dependency of | npm
Path          | npm >
node-gyp > request > extend ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/996 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ Moderate ¦ Prototype Pollution ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ extend ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ npm ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ npm > npm-registry-client > request > extend ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/996 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ Moderate ¦ Prototype Pollution ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ extend ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ npm ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ npm > request > extend ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/996 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ Manual Review ¦ ¦ Some vulnerabilities require your attention to resolve ¦ ¦ ¦ ¦ Visit https://go.npm.me/audit-guide for additional guidance ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ Low ¦ Large gzip Denial of Service ¦ 
+---------------+--------------------------------------------------------------¦ ¦ Package ¦ superagent ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ >=3.7.0 ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ supertest [dev] ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ supertest > superagent ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/479 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ High ¦ Regular Expression Denial of Service ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ parsejson ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ No patch available ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ socket.io ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ socket.io > socket.io-client > engine.io-client > parsejson ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/528 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ High ¦ Regular Expression Denial of Service ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ string ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ No patch available ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ string ¦ 
+---------------+--------------------------------------------------------------¦ ¦ Path ¦ string ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/536 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ Moderate ¦ Prototype Pollution ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ > 4.2.0 < 5.0.0 || >= 5.0.3 ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ npm ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ npm > node-gyp > request > hawk > boom > hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/566 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ Moderate ¦ Prototype Pollution ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ > 4.2.0 < 5.0.0 || >= 5.0.3 ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ npm ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ npm > npm-registry-client > request > hawk > boom > hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/566 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ 
Moderate ¦ Prototype Pollution ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ > 4.2.0 < 5.0.0 || >= 5.0.3 ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ npm ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ npm > request > hawk > boom > hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/566 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ Moderate ¦ Prototype Pollution ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ > 4.2.0 < 5.0.0 || >= 5.0.3 ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ npm ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ npm > node-gyp > request > hawk > cryptiles > boom > hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/566 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ Moderate ¦ Prototype Pollution ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ > 4.2.0 < 5.0.0 || >= 5.0.3 ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ npm ¦ 
+---------------+--------------------------------------------------------------¦ ¦ Path ¦ npm > npm-registry-client > request > hawk > cryptiles > ¦ ¦ ¦ boom > hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/566 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ Moderate ¦ Prototype Pollution ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ > 4.2.0 < 5.0.0 || >= 5.0.3 ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ npm ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ npm > request > hawk > cryptiles > boom > hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/566 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ Moderate ¦ Prototype Pollution ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ > 4.2.0 < 5.0.0 || >= 5.0.3 ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ npm ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ npm > node-gyp > request > hawk > hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/566 ¦ +------------------------------------------------------------------------------+ 
+------------------------------------------------------------------------------+ ¦ Moderate ¦ Prototype Pollution ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ > 4.2.0 < 5.0.0 || >= 5.0.3 ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ npm ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ npm > npm-registry-client > request > hawk > hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/566 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ Moderate ¦ Prototype Pollution ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ > 4.2.0 < 5.0.0 || >= 5.0.3 ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ npm ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ npm > request > hawk > hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/566 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ Moderate ¦ Prototype Pollution ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ > 4.2.0 < 5.0.0 || >= 5.0.3 ¦ 
+---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ npm ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ npm > node-gyp > request > hawk > sntp > hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/566 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ Moderate ¦ Prototype Pollution ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ > 4.2.0 < 5.0.0 || >= 5.0.3 ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ npm ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ npm > npm-registry-client > request > hawk > sntp > hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/566 ¦ +------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+ ¦ Moderate ¦ Prototype Pollution ¦ +---------------+--------------------------------------------------------------¦ ¦ Package ¦ hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ Patched in ¦ > 4.2.0 < 5.0.0 || >= 5.0.3 ¦ +---------------+--------------------------------------------------------------¦ ¦ Dependency of ¦ npm ¦ +---------------+--------------------------------------------------------------¦ ¦ Path ¦ npm > request > hawk > sntp > hoek ¦ +---------------+--------------------------------------------------------------¦ ¦ More info ¦ https://npmjs.com/advisories/566 ¦ 
+------------------------------------------------------------------------------+ found 68 vulnerabilities (14 low, 38 moderate, 15 high, 1 critical) in 2818 scanned packages run `npm audit fix` to fix 42 of them. 11 vulnerabilities require semver-major dependency updates. 15 vulnerabilities require manual review. See the full report for details.