nx-plus
high severity vulnerabilities
Current Behavior
When installing a fresh @nx-plus/vue dependency, npm audit reveals 7 high severity vulnerabilities (error output in Steps to Reproduce).
Further report from npm audit:
$ npm audit
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
# npm audit report
glob-parent <5.1.2
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install @nx-plus/[email protected], which is a breaking change
node_modules/@nx-plus/vue/node_modules/glob-parent
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/@nx-plus/vue/node_modules/watchpack
webpack 4.44.0 - 4.46.0
Depends on vulnerable versions of watchpack
node_modules/@nx-plus/vue/node_modules/webpack
copy-webpack-plugin 5.0.1 - 5.1.2
Depends on vulnerable versions of glob-parent
node_modules/@nx-plus/vue/node_modules/copy-webpack-plugin
@nx-plus/vue >=0.5.0
Depends on vulnerable versions of copy-webpack-plugin
node_modules/@nx-plus/vue
7 high severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Steps to Reproduce
Run the following command and you should get this output
$ npm install @nx-plus/vue --save-dev
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated [email protected]: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated @hapi/[email protected]: Moved to 'npm install @sideway/address'
npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/[email protected]: Switch to 'npm install joi'
added 1349 packages, and audited 1350 packages in 3m
88 packages are looking for funding
run `npm fund` for details
7 high severity vulnerabilities
To address all issues, run:
npm audit fix
Run `npm audit` for details.
This issue may not be prioritized if details are not provided to help us reproduce the issue.
Failure Logs
Environment
Plugin name and version: "@nx-plus/vue": "^14.1.0"
$ nx report
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
> NX Report complete - copy this into the issue template
Node : 16.15.1
OS : win32 x64
npm : 8.12.1
nx : 14.4.0
@nrwl/angular : Not Found
@nrwl/cypress : 14.4.0
@nrwl/detox : Not Found
@nrwl/devkit : 14.4.0
@nrwl/eslint-plugin-nx : 14.4.0
@nrwl/express : 14.4.0
@nrwl/jest : 14.4.0
@nrwl/js : 14.4.0
@nrwl/linter : 14.4.0
@nrwl/nest : 14.4.0
@nrwl/next : Not Found
@nrwl/node : 14.4.0
@nrwl/nx-cloud : Not Found
@nrwl/nx-plugin : Not Found
@nrwl/react : Not Found
@nrwl/react-native : Not Found
@nrwl/schematics : Not Found
@nrwl/storybook : Not Found
@nrwl/web : Not Found
@nrwl/workspace : 14.4.0
typescript : 4.7.4
---------------------------------------
Community plugins:
@nx-plus/vue: 14.1.0
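
The audit report above counts seven findings, but only glob-parent carries an advisory; the other six are packages that depend on it. The following is an added example, not part of the original issue or the nx-plus project, that separates advisories from inherited findings in `npm audit --json` output. The `report` object is constructed to mirror the text report, and `triage` is a hypothetical helper name.

```javascript
// Constructed sample in the `npm audit --json` shape used by npm 7 and later,
// mirroring the text report above. In `via`, an object is an advisory against
// the package itself; a string names the dependency the finding comes from.
const report = { vulnerabilities: {
  'glob-parent': { isDirect: false, effects: ['chokidar', 'copy-webpack-plugin'],
    via: [{ range: '<5.1.2', url: 'https://github.com/advisories/GHSA-ww39-953v-wcq6' }] },
  'chokidar': { isDirect: false, via: ['glob-parent'], effects: ['watchpack-chokidar2'] },
  'watchpack-chokidar2': { isDirect: false, via: ['chokidar'], effects: ['watchpack'] },
  'watchpack': { isDirect: false, via: ['watchpack-chokidar2'], effects: ['webpack'] },
  'webpack': { isDirect: false, via: ['watchpack'], effects: [] },
  'copy-webpack-plugin': { isDirect: false, via: ['glob-parent'], effects: ['@nx-plus/vue'] },
  '@nx-plus/vue': { isDirect: true, via: ['copy-webpack-plugin'], effects: [] },
} };

// triage() is a hypothetical helper, not an npm API.
function triage(auditReport) {
  const vulns = auditReport.vulnerabilities || {};
  const advisories = [];
  const chains = [];
  // Follow `effects` edges from a vulnerable package up to whatever pulls it in.
  const walk = (name, path) => {
    const next = ((vulns[name] || {}).effects || []).filter((e) => !path.includes(e));
    if (next.length === 0) chains.push(path.join(' <- '));
    for (const dependent of next) walk(dependent, [...path, dependent]);
  };
  for (const [name, entry] of Object.entries(vulns)) {
    const own = (entry.via || []).filter((v) => v && typeof v === 'object');
    if (own.length === 0) continue; // inherited finding, no advisory of its own
    for (const adv of own) advisories.push({ package: name, range: adv.range, url: adv.url });
    walk(name, [name]);
  }
  return {
    findings: Object.keys(vulns).length,
    advisories,
    chains, // read "a <- b" as "a is required by b"
    direct: Object.keys(vulns).filter((n) => vulns[n].isDirect),
  };
}

console.log(JSON.stringify(triage(report), null, 2));
```

On a real project, pass `triage` the parsed output of `npm audit --json` instead of the constructed `report`.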