amplify-video
amplify video add command not found
Describe the bug
Running amplify video add results in ⚠️ The Amplify CLI can NOT find command: video add
To Reproduce
Steps to reproduce the behavior:
- Install amplify cli:
npm install -g @aws-amplify/cli
- Install amplify-video plugin
npm i amplify-category-video -g
- In an amplify project folder try:
amplify video add
Expected behavior
A video resource should be added to the Amplify project
Desktop
- OS: macOS 11.6.6
- node version: 16.13.1
- amplify cli version: 9.1.0
Additional context
Installing the plugin looks like this:
npm i amplify-category-video -g
changed 146 packages, and audited 147 packages in 2s
25 packages are looking for funding
run `npm fund` for details
1 critical severity vulnerability
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
Running npm audit yields:
# npm audit report
@aws-sdk/shared-ini-file-loader <=1.0.0-rc.8
Severity: high
Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader - https://github.com/advisories/GHSA-rrc9-gqf8-8rwg
fix available via `npm audit fix`
node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-amplify/cache/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/shared-ini-file-loader
@aws-sdk/credential-provider-ini <=1.0.0-rc.8
Depends on vulnerable versions of @aws-sdk/shared-ini-file-loader
node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/credential-provider-ini
node_modules/@aws-amplify/cache/node_modules/@aws-sdk/credential-provider-ini
node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/credential-provider-ini
node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/credential-provider-ini
node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/credential-provider-ini
node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/credential-provider-ini
@aws-sdk/credential-provider-process <=1.0.0-rc.8
Depends on vulnerable versions of @aws-sdk/credential-provider-ini
Depends on vulnerable versions of @aws-sdk/shared-ini-file-loader
node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/credential-provider-process
node_modules/@aws-amplify/cache/node_modules/@aws-sdk/credential-provider-process
node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/credential-provider-process
node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/credential-provider-process
node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/credential-provider-process
node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/credential-provider-process
@aws-sdk/credential-provider-node <=1.0.0-rc.8
Depends on vulnerable versions of @aws-sdk/credential-provider-ini
Depends on vulnerable versions of @aws-sdk/credential-provider-process
node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/credential-provider-node
node_modules/@aws-amplify/cache/node_modules/@aws-sdk/credential-provider-node
node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/credential-provider-node
node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/credential-provider-node
node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/credential-provider-node
node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/credential-provider-node
@aws-sdk/node-config-provider <=1.0.0-rc.8
Depends on vulnerable versions of @aws-sdk/shared-ini-file-loader
node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/node-config-provider
node_modules/@aws-amplify/cache/node_modules/@aws-sdk/node-config-provider
node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/node-config-provider
node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/node-config-provider
node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/node-config-provider
node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/node-config-provider
@aws-sdk/client-cognito-identity <=1.0.0-rc.8
Depends on vulnerable versions of @aws-sdk/credential-provider-node
Depends on vulnerable versions of @aws-sdk/node-config-provider
node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/client-cognito-identity
node_modules/@aws-amplify/cache/node_modules/@aws-sdk/client-cognito-identity
@aws-amplify/core 3.4.7-ui-preview.9 - 3.4.7-unstable.17 || 3.5.2-unstable.1 - 3.8.13
Depends on vulnerable versions of @aws-sdk/client-cognito-identity
Depends on vulnerable versions of @aws-sdk/credential-provider-cognito-identity
node_modules/@aws-amplify/analytics/node_modules/@aws-amplify/core
node_modules/@aws-amplify/cache/node_modules/@aws-amplify/core
@aws-amplify/analytics 3.2.8-ui-preview.9 - 3.2.8-unstable.17 || 3.3.2-unstable.1 - 4.0.9
Depends on vulnerable versions of @aws-amplify/cache
Depends on vulnerable versions of @aws-amplify/core
Depends on vulnerable versions of @aws-sdk/client-firehose
Depends on vulnerable versions of @aws-sdk/client-kinesis
Depends on vulnerable versions of @aws-sdk/client-personalize-events
Depends on vulnerable versions of @aws-sdk/client-pinpoint
node_modules/@aws-amplify/analytics
@aws-amplify/cache 3.1.24-ui-preview.9 - 3.1.24-unstable.17 || 3.1.27-unstable.1 - 3.1.27-unstable.6 || 3.1.28-unstable.1 - 3.1.28-unstable.5 || 3.1.29-unstable.1 - 3.1.29-unstable.3 || 3.1.30-unstable.1 - 3.1.30-unstable.9 || 3.1.31-unstable.1 - 3.1.31-unstable.10 || 3.1.32-unstable.1 - 3.1.32-unstable.11 || 3.1.33-pr-7040.16 - 3.1.33-unstable.14 || 3.1.34-unstable.1 - 3.1.34-unstable.2 || 3.1.35-unstable.1 - 3.1.35-unstable.2 || 3.1.36-native.8 - 3.1.46
Depends on vulnerable versions of @aws-amplify/core
node_modules/@aws-amplify/cache
@aws-sdk/credential-provider-cognito-identity <=1.0.0-rc.8
Depends on vulnerable versions of @aws-sdk/client-cognito-identity
node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/credential-provider-cognito-identity
node_modules/@aws-amplify/cache/node_modules/@aws-sdk/credential-provider-cognito-identity
@aws-sdk/client-firehose <=1.0.0-rc.8
Depends on vulnerable versions of @aws-sdk/credential-provider-node
Depends on vulnerable versions of @aws-sdk/node-config-provider
node_modules/@aws-sdk/client-firehose
@aws-sdk/client-kinesis <=1.0.0-rc.8
Depends on vulnerable versions of @aws-sdk/credential-provider-node
Depends on vulnerable versions of @aws-sdk/node-config-provider
node_modules/@aws-sdk/client-kinesis
@aws-sdk/client-personalize-events <=1.0.0-rc.8
Depends on vulnerable versions of @aws-sdk/credential-provider-node
Depends on vulnerable versions of @aws-sdk/node-config-provider
node_modules/@aws-sdk/client-personalize-events
@aws-sdk/client-pinpoint <=1.0.0-rc.8
Depends on vulnerable versions of @aws-sdk/credential-provider-node
Depends on vulnerable versions of @aws-sdk/node-config-provider
node_modules/@aws-sdk/client-pinpoint
ansi-html <0.0.8
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ansi-html
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
Depends on vulnerable versions of sockjs
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
react-scripts 0.1.0 - 5.0.0-next.60
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of css-loader
Depends on vulnerable versions of fork-ts-checker-webpack-plugin-alt
Depends on vulnerable versions of jest
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of terser-webpack-plugin
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
axios <0.21.2
Severity: high
Incorrect Comparison in axios - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
fix available via `npm audit fix`
node_modules/axios
@aws-amplify/api-rest <=2.0.13
Depends on vulnerable versions of axios
node_modules/@aws-amplify/api-rest
@aws-amplify/api 1.0.38-preview.45 - 1.0.38-preview.121 || 1.2.5-unstable.0 - 1.3.1-ui-preview.54 || 3.0.1-preview.0 - 4.0.13
Depends on vulnerable versions of @aws-amplify/api-graphql
Depends on vulnerable versions of @aws-amplify/api-rest
node_modules/@aws-amplify/api
aws-amplify-react >=4.1.23-unstable.2
Depends on vulnerable versions of @aws-amplify/api
node_modules/aws-amplify-react
@aws-amplify/api-graphql <=2.2.2
Depends on vulnerable versions of @aws-amplify/api-rest
node_modules/@aws-amplify/api-graphql
@aws-amplify/storage 3.1.4-unstable.0 - 4.3.8
Depends on vulnerable versions of axios
node_modules/@aws-amplify/storage
braces <=2.3.0
Regular Expression Denial of Service (ReDoS) in braces - https://github.com/advisories/GHSA-cwfw-4gq5-mrqx
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/jest-cli/node_modules/braces
node_modules/jest-config/node_modules/braces
node_modules/jest-message-util/node_modules/braces
node_modules/jest-runner/node_modules/braces
node_modules/jest-runtime/node_modules/braces
node_modules/test-exclude/node_modules/braces
micromatch 0.2.0 - 2.3.11
Depends on vulnerable versions of braces
Depends on vulnerable versions of parse-glob
node_modules/jest-cli/node_modules/micromatch
node_modules/jest-config/node_modules/micromatch
node_modules/jest-message-util/node_modules/micromatch
node_modules/jest-runner/node_modules/micromatch
node_modules/jest-runtime/node_modules/micromatch
node_modules/test-exclude/node_modules/micromatch
jest-cli 0.10.2 - 24.8.0
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-message-util
Depends on vulnerable versions of jest-resolve-dependencies
Depends on vulnerable versions of jest-runner
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-snapshot
Depends on vulnerable versions of jest-util
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of node-notifier
Depends on vulnerable versions of yargs
node_modules/jest-cli
jest 13.3.0-alpha.4eb0c908 - 23.6.0
Depends on vulnerable versions of jest-cli
node_modules/jest
jest-config 12.1.1-alpha.2935e14d - 25.5.4
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-environment-node
Depends on vulnerable versions of jest-jasmine2
Depends on vulnerable versions of jest-util
Depends on vulnerable versions of micromatch
node_modules/jest-config
jest-runner 21.0.0-alpha.1 - 22.4.4 || 23.4.0 - 23.6.0
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-jasmine2
Depends on vulnerable versions of jest-message-util
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-util
node_modules/jest-runner
jest-runtime 14.1.0 - 24.8.0
Depends on vulnerable versions of babel-plugin-istanbul
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-message-util
Depends on vulnerable versions of jest-snapshot
Depends on vulnerable versions of jest-util
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of yargs
node_modules/jest-runtime
jest-haste-map 16.1.0-alpha.691b0e22 - 24.0.0
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of sane
node_modules/jest-cli/node_modules/jest-haste-map
node_modules/jest-runner/node_modules/jest-haste-map
node_modules/jest-runtime/node_modules/jest-haste-map
jest-message-util 18.5.0-alpha.7da3df39 - 23.1.0 || 23.4.0 - 24.0.0-alpha.16
Depends on vulnerable versions of micromatch
node_modules/jest-message-util
expect 21.0.0-beta.1 - 22.4.3 || 23.4.0 - 23.6.0
Depends on vulnerable versions of jest-message-util
node_modules/expect
jest-jasmine2 18.5.0-alpha.7da3df39 - 22.4.4 || 23.4.0 - 23.6.0
Depends on vulnerable versions of expect
Depends on vulnerable versions of jest-message-util
Depends on vulnerable versions of jest-snapshot
Depends on vulnerable versions of jest-util
node_modules/jest-jasmine2
jest-snapshot 23.4.0 - 23.6.0
Depends on vulnerable versions of jest-message-util
node_modules/jest-snapshot
jest-resolve-dependencies 23.4.0 - 23.6.0
Depends on vulnerable versions of jest-snapshot
node_modules/jest-resolve-dependencies
jest-util 18.5.0-alpha.7da3df39 - 22.4.3 || 23.4.0
Depends on vulnerable versions of jest-message-util
node_modules/jest-cli/node_modules/jest-util
node_modules/jest-config/node_modules/jest-util
node_modules/jest-environment-jsdom/node_modules/jest-util
node_modules/jest-environment-node/node_modules/jest-util
node_modules/jest-jasmine2/node_modules/jest-util
node_modules/jest-runner/node_modules/jest-util
node_modules/jest-runtime/node_modules/jest-util
jest-environment-jsdom 10.0.2 - 25.5.0
Depends on vulnerable versions of jest-util
Depends on vulnerable versions of jsdom
node_modules/jest-environment-jsdom
jest-environment-node 18.5.0-alpha.7da3df39 - 22.4.3 || 23.4.0
Depends on vulnerable versions of jest-util
node_modules/jest-environment-node
test-exclude <=4.2.3
Depends on vulnerable versions of micromatch
node_modules/test-exclude
babel-plugin-istanbul <=5.0.0
Depends on vulnerable versions of test-exclude
node_modules/babel-plugin-istanbul
babel-jest 14.2.0-alpha.ca8bfb6e - 24.0.0-alpha.16
Depends on vulnerable versions of babel-plugin-istanbul
node_modules/babel-jest
browserslist 4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/react-dev-utils/node_modules/browserslist
react-dev-utils 0.4.0 - 12.0.0-next.60
Depends on vulnerable versions of browserslist
Depends on vulnerable versions of globby
Depends on vulnerable versions of immer
Depends on vulnerable versions of shell-quote
node_modules/react-dev-utils
chownr <1.1.0
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr - https://github.com/advisories/GHSA-c6rq-rjc2-86v2
fix available via `npm audit fix`
node_modules/react-scripts/node_modules/fsevents/node_modules/chownr
glob-parent <5.1.2
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/glob-base/node_modules/glob-parent
node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/chokidar
fork-ts-checker-webpack-plugin-alt *
Depends on vulnerable versions of chokidar
node_modules/fork-ts-checker-webpack-plugin-alt
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
fast-glob <=2.2.7
Depends on vulnerable versions of glob-parent
node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/globby
glob-base *
Depends on vulnerable versions of glob-parent
node_modules/glob-base
parse-glob >=2.1.0
Depends on vulnerable versions of glob-base
node_modules/parse-glob
hermes-engine <=0.9.0
Severity: critical
Access of Resource Using Incompatible Type in Hermes - https://github.com/advisories/GHSA-7mhc-prgv-r3q4
fix available via `npm audit fix`
node_modules/hermes-engine
react-native <=0.0.0-ffdfbbec0 || 0.61.0-rc.0 - 0.68.2
Depends on vulnerable versions of @react-native-community/cli
Depends on vulnerable versions of @react-native-community/cli-platform-android
Depends on vulnerable versions of @react-native-community/cli-platform-ios
Depends on vulnerable versions of hermes-engine
node_modules/react-native
immer <=9.0.5
Severity: critical
Prototype Pollution in immer - https://github.com/advisories/GHSA-c36v-fmgq-m8hx
Prototype Pollution in immer - https://github.com/advisories/GHSA-33f9-j839-rf8h
Prototype Pollution in immer - https://github.com/advisories/GHSA-9qmh-276g-x5pj
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/react-dev-utils/node_modules/immer
ini <1.3.6
Severity: high
Prototype Pollution - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix`
node_modules/react-scripts/node_modules/fsevents/node_modules/ini
jsdom <=16.4.0
Severity: moderate
Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/jest-environment-jsdom/node_modules/jsdom
merge <2.1.1
Severity: high
Prototype Pollution in merge - https://github.com/advisories/GHSA-7wpw-2hjm-89gp
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/merge
exec-sh <=0.3.1
Depends on vulnerable versions of merge
node_modules/jest-cli/node_modules/exec-sh
node_modules/jest-runner/node_modules/exec-sh
node_modules/jest-runtime/node_modules/exec-sh
node_modules/watch/node_modules/exec-sh
sane 1.0.4 - 4.0.2
Depends on vulnerable versions of exec-sh
Depends on vulnerable versions of watch
node_modules/jest-cli/node_modules/sane
node_modules/jest-runner/node_modules/sane
node_modules/jest-runtime/node_modules/sane
watch >=0.14.0
Depends on vulnerable versions of exec-sh
node_modules/watch
minimist <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix`
node_modules/react-scripts/node_modules/fsevents/node_modules/minimist
node_modules/react-scripts/node_modules/fsevents/node_modules/rc/node_modules/minimist
mkdirp 0.4.1 - 0.5.1
Depends on vulnerable versions of minimist
node_modules/react-scripts/node_modules/fsevents/node_modules/mkdirp
node-forge <=1.2.1
Severity: high
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/node-forge
selfsigned 1.1.1 - 1.10.14
Depends on vulnerable versions of node-forge
node_modules/selfsigned
node-notifier <8.0.1
Severity: moderate
OS Command Injection in node-notifier - https://github.com/advisories/GHSA-5fw9-fq32-wv5p
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/node-notifier
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/core <=3.1.0
Depends on vulnerable versions of svgo
node_modules/@svgr/core
@svgr/webpack <=3.1.0
Depends on vulnerable versions of @svgr/core
node_modules/@svgr/webpack
postcss-svgo 4.0.0-nightly.2020.1.9 - 5.0.0-rc.2
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of postcss-svgo
node_modules/cssnano-preset-default
cssnano 4.0.0-nightly.2020.1.9 - 4.1.11
Depends on vulnerable versions of cssnano-preset-default
node_modules/cssnano
optimize-css-assets-webpack-plugin 3.2.1 || 5.0.0 - 5.0.8
Depends on vulnerable versions of cssnano
node_modules/optimize-css-assets-webpack-plugin
postcss <7.0.36
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/postcss
css-loader 0.15.0 - 1.0.1
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-modules-extract-imports
Depends on vulnerable versions of postcss-modules-local-by-default
Depends on vulnerable versions of postcss-modules-scope
Depends on vulnerable versions of postcss-modules-values
node_modules/css-loader
icss-utils <=3.0.1
Depends on vulnerable versions of postcss
node_modules/icss-utils
postcss-modules-extract-imports <=1.2.1
Depends on vulnerable versions of postcss
node_modules/postcss-modules-extract-imports
postcss-modules-local-by-default <=1.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-local-by-default
postcss-modules-scope <=1.1.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-scope
postcss-modules-values <=1.3.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-values
serialize-javascript <=3.0.0
Severity: high
Insecure serialization leading to RCE in serialize-javascript - https://github.com/advisories/GHSA-hxcc-f52p-wc94
Cross-Site Scripting in serialize-javascript - https://github.com/advisories/GHSA-h9rv-jmmf-4pgx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/serialize-javascript
terser-webpack-plugin <=1.4.1
Depends on vulnerable versions of serialize-javascript
node_modules/terser-webpack-plugin
uglifyjs-webpack-plugin >=1.1.3
Depends on vulnerable versions of cacache
Depends on vulnerable versions of serialize-javascript
node_modules/uglifyjs-webpack-plugin
webpack 4.3.0 - 4.25.1
Depends on vulnerable versions of uglifyjs-webpack-plugin
node_modules/webpack
shell-quote <=1.7.2
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/shell-quote
@react-native-community/cli-tools 4.8.0 - 5.0.0-alpha.0 || 5.0.1-alpha.0 - 6.2.0
Depends on vulnerable versions of shell-quote
node_modules/@react-native-community/cli-tools
@react-native-community/cli 4.8.0 - 7.0.3
Depends on vulnerable versions of @react-native-community/cli-hermes
Depends on vulnerable versions of @react-native-community/cli-plugin-metro
Depends on vulnerable versions of @react-native-community/cli-server-api
Depends on vulnerable versions of @react-native-community/cli-tools
node_modules/@react-native-community/cli
@react-native-community/cli-hermes <=6.3.0
Depends on vulnerable versions of @react-native-community/cli-platform-android
Depends on vulnerable versions of @react-native-community/cli-tools
node_modules/@react-native-community/cli-hermes
@react-native-community/cli-platform-android 4.8.0 - 6.3.0
Depends on vulnerable versions of @react-native-community/cli-tools
node_modules/@react-native-community/cli-platform-android
@react-native-community/cli-platform-ios 4.8.0 - 6.2.0
Depends on vulnerable versions of @react-native-community/cli-tools
node_modules/@react-native-community/cli-platform-ios
@react-native-community/cli-plugin-metro <=7.0.3
Depends on vulnerable versions of @react-native-community/cli-server-api
Depends on vulnerable versions of @react-native-community/cli-tools
node_modules/@react-native-community/cli-plugin-metro
@react-native-community/cli-server-api <=7.0.3
Depends on vulnerable versions of @react-native-community/cli-tools
node_modules/@react-native-community/cli-server-api
sockjs <0.3.20
Severity: moderate
Improper Input Validation in SocksJS-Node - https://github.com/advisories/GHSA-c9g6-9335-x697
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/sockjs
ssri 5.2.2 - 6.0.1
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/uglifyjs-webpack-plugin/node_modules/ssri
cacache 10.0.4 - 11.0.0
Depends on vulnerable versions of ssri
node_modules/uglifyjs-webpack-plugin/node_modules/cacache
tar <=4.4.17
Severity: high
Arbitrary File Overwrite in tar - https://github.com/advisories/GHSA-j44m-qm6p-hp7m
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-qq89-hq3f-393p
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix`
node_modules/react-scripts/node_modules/fsevents/node_modules/tar
yargs-parser 6.0.0 - 13.1.1
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/jest-cli/node_modules/yargs-parser
node_modules/jest-runtime/node_modules/yargs-parser
node_modules/webpack-dev-server/node_modules/yargs-parser
yargs 8.0.0-candidate.0 - 12.0.5
Depends on vulnerable versions of yargs-parser
node_modules/jest-cli/node_modules/yargs
node_modules/jest-runtime/node_modules/yargs
node_modules/webpack-dev-server/node_modules/yargs
102 vulnerabilities (13 low, 21 moderate, 55 high, 13 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
In my case, it turned out that Volta managed amplify. The plugin scan for amplify plugins does not pick that up. Instead, I had to run amplify plugin add and supply the full path to the plugin, i.e. /Users/xyz/.volta/tools/image/packages/amplify-category-video/lib/node_modules/amplify-category-video
In ~/.amplify/plugins.json, that added
"userAddedLocations": [
"/Users/xyz/.volta/tools/image/packages/amplify-category-video/lib/node_modules/amplify-category-video"
],
and the relevant entry for the video plugin