bitshares-ui

node vulnerabilities

Open bobinson opened this issue 4 years ago • 2 comments

Describe the bug: A number of vulnerabilities are reported by Node packages, and a large majority can be fixed by npm audit fix. It will be great if a review of the packages is done and an attempt is made to test after automated and manual updating of manual packages.

To Reproduce: Steps to reproduce the behavior:

  1. clone the code
  2. do nvm install 10 ; nvm use 10 ;
  3. install packages from source folder using npm i
  4. npm lists vulnerable packages

Expected behavior: The vulnerabilities should be minor ones.

Desktop (please complete the following information):

  • OS: macOS
  • Version 11.01
  • Node v10.23.0

Additional context: Snyk reported https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716 though I am not sure whether it's already covered in the npm reports.

bobinson, Dec 14 '20 01:12

Yea, some packages are quite outdated, react could also use an upgrade (this requires refactoring though). Are you interested in contributing?

sschiessl-bcp, Dec 18 '20 12:12

@sschiessl-bcp - I will see whether I can contribute. The trouble is testing, i.e., npm audit fix and a few tools might help to resolve, but it's going to be a huge effort to verify all the functionalities.

bobinson, Dec 18 '20 12:12
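
For the verification effort discussed in this thread, an added example (not code from the bitshares-ui repository or from the commenters) that splits an `npm audit --json` report into the findings `npm audit fix` resolves on its own and those that need a major upgrade or manual review. It assumes the npm 6 report layout (`actions` and `advisories`), the npm line bundled with Node 10; the sample report, package names and advisory ids are constructed.

```javascript
// Constructed sample in the shape of `npm audit --json` from npm 6 (assumed
// layout). Package names and advisory ids are made up for illustration.
const sampleReport = {
  actions: [
    { action: "update", module: "pkg-a", target: "1.2.4", depth: 2,
      resolves: [{ id: 101, path: "pkg-x>pkg-a", dev: false }] },
    { action: "install", module: "pkg-b", target: "3.0.0", isMajor: true,
      resolves: [{ id: 102, path: "pkg-b", dev: false },
                 { id: 103, path: "pkg-b>pkg-c", dev: false }] },
    { action: "review", module: "pkg-d",
      resolves: [{ id: 104, path: "pkg-y>pkg-d", dev: true }] },
  ],
  advisories: {
    101: { module_name: "pkg-a", severity: "low", title: "constructed advisory A" },
    102: { module_name: "pkg-b", severity: "high", title: "constructed advisory B" },
    103: { module_name: "pkg-c", severity: "moderate", title: "constructed advisory C" },
    104: { module_name: "pkg-d", severity: "critical", title: "constructed advisory D" },
  },
};

const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];

// Split findings by how much verification each one needs:
//   autoFix   - non-major update/install, what plain `npm audit fix` applies
//   majorBump - a fix exists but crosses a semver-major boundary (needs --force)
//   manual    - "review" actions: no automatic fix is available
function triageAudit(report) {
  const buckets = { autoFix: [], majorBump: [], manual: [] };
  for (const act of report.actions || []) {
    const bucket = act.action === "review" ? "manual"
      : act.isMajor ? "majorBump" : "autoFix";
    for (const r of act.resolves || []) {
      const adv = (report.advisories || {})[r.id] || {};
      buckets[bucket].push({
        id: r.id, module: adv.module_name || act.module, path: r.path,
        severity: adv.severity || "unknown", devOnly: Boolean(r.dev),
        target: act.target || null,
      });
    }
  }
  const rank = (s) => { const i = SEVERITY_ORDER.indexOf(s); return i < 0 ? SEVERITY_ORDER.length : i; };
  for (const list of Object.values(buckets)) list.sort((a, b) => rank(a.severity) - rank(b.severity));
  return buckets;
}

const triaged = triageAudit(sampleReport);
for (const [name, list] of Object.entries(triaged)) {
  console.log(name, list.map((f) => `${f.severity}:${f.module} via ${f.path}`));
}
```

The `majorBump` and `manual` buckets are where functional testing is concentrated; `devOnly` marks findings that sit only in development dependencies.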