a critical vulnerable reported during the npm

Open tunerji opened this issue 1 year ago • 1 comments

npm audit fix npm WARN audit fix [email protected] node_modules/bsock npm WARN audit fix [email protected] is a bundled dependency of npm WARN audit fix [email protected] [email protected] at npm WARN audit fix [email protected] It cannot be fixed automatically. npm WARN audit fix [email protected] Check for updates to the bcoin package. npm WARN audit fix [email protected] node_modules/bweb npm WARN audit fix [email protected] is a bundled dependency of npm WARN audit fix [email protected] [email protected] at npm WARN audit fix [email protected] It cannot be fixed automatically. npm WARN audit fix [email protected] Check for updates to the bcoin package. npm WARN audit fix [email protected] node_modules/bcurl npm WARN audit fix [email protected] is a bundled dependency of npm WARN audit fix [email protected] [email protected] at npm WARN audit fix [email protected] It cannot be fixed automatically. npm WARN audit fix [email protected] Check for updates to the bcoin package.

up to date, audited 31 packages in 6s

npm audit report

bsock * Severity: critical bsock uses weak hashing algorithms - https://github.com/advisories/GHSA-jj93-39pf-7mcf No fix available node_modules/bsock bcurl >=0.0.1 Depends on vulnerable versions of bsock node_modules/bcurl bweb >=0.0.1 Depends on vulnerable versions of bsock node_modules/bweb

3 critical severity vulnerabilities

Some issues need review, and may require choosing a different dependency.

Feb 17 '24 01:02 tunerji

I would like to work on this, can you assign this to me

Mar 20 '24 17:03 scienmanas

bcoin bcoin copied to clipboard

a critical vulnerable reported during the npm

npm audit report

bcoin
bcoin copied to clipboard