Tyler Resch

icon indicating a website link https://MidSpike.Com/ icon indicating an email [email protected]

icon company MidSpike icon location Maryland, USA icon location I'm a software developer in the Node.js (JavaScript) industry!

Results 5 comments of Tyler Resch

`package.json`, dependencies are vulnerable to supply-chain attacks

The reason behind calling these "vulnerable to supply-chain attacks" stems from @RIAEvangelist: - authoring the [commit](https://github.com/RIAEvangelist/node-ipc/blob/847047cf7f81ab08352038b2204f0e7633449580/dao/ssl-geospec.js) behind CVE-2022-23812 - publicly stating ([citation](https://github.com/RIAEvangelist/peacenotwar/blob/8f4e3270adb0f3b95002c53f818e4ff39290377e/README.md?plain=1#L3)): > This code serves as a [...] example...

Removed security risk `safe-eval` from `package.json`

This will fix #12

Removed security risk `safe-eval` from `package.json`

> @MidSpike How do I install your version of this package to remove the critical vulnerabilities brought by 'safe-eval'? @bhawnishk I'm not entirely sure if this is correct, but after...

Removed security risk `safe-eval` from `package.json`

> @MidSpike I tried `npm i shikar/NODE_GOOGLE_TRANSLATE#pull/4` but keep getting 403 (Forbidden). I just realized you might have to do it with `github:`: `npm i github:shikar/NODE_GOOGLE_TRANSLATE#pull/4` > Wondering if LibreTranslate...

found 3 vulnerabilities ( 2 high, 1 critical)

My pull request can fix these: https://github.com/shikar/NODE_GOOGLE_TRANSLATE/pull/4 For now I have been using my own fork: https://github.com/MidSpike/NODE_GOOGLE_TRANSLATE (You should fork my fork b/c I don't know how much longer I...