ng2-logger

npm install moderate vulnerability

Open mikeandtherest opened this issue 3 years ago • 1 comments

Hi there. On a new Angular 13.03 project, I'm getting one moderate vulnerability at npm install, which seems to be caused by an indirect dependency of ng2-logger (i.e. sync-exec). I'm not sure how easy it would be to address it, but I just wanted to make you guys aware of it.

Btw, I'm using this version of the library: "ng2-logger": "^8.0.20".

Npm audit output:

  Moderate        Tmp files readable by other users in sync-exec
  Package         sync-exec
  Patched in      No patch available
  Dependency of   ng2-logger
  Path            ng2-logger > tnp-cli > tnp-config > tnp-core > copy-paste >
                  sync-exec
  More info       https://github.com/advisories/GHSA-38h8-x697-gh8q

found 1 moderate severity vulnerability in 1422 scanned packages
  1 vulnerability requires manual review. See the full report for details.

mikeandtherest, Nov 30 '21 08:11

Hi @mikeandtherest ...let me check that today.

darekf77, Dec 06 '21 16:12

@mikeandtherest use the new version and don't forget to use import { Log, Logger } from 'ng2-rest/browser'; The browser version does not use sync-exec and you should be safe.

darekf77, Nov 21 '22 10:11
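
To check whether an installed tree still pulls in sync-exec after an upgrade, the chain that npm audit printed in this thread can be recomputed from package-lock.json. This is an added example, not code from the thread or from ng2-logger; it assumes a lockfileVersion 2 or 3 file, and the sample lockfile (the `*` ranges and the `other-lib` entry included) is constructed.

```javascript
// Added example (not from the thread or ng2-logger); assumes lockfileVersion 2 or 3.
// Resolve `name` as required from the package installed at `fromPath`,
// using Node's nearest-node_modules lookup over the lockfile's path keys.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Return the shortest "a > b > target" chain through each direct dependency.
function findChains(lock, target) {
  const packages = lock.packages || {};
  const depsOf = (e, withDev) => Object.keys({ ...e.dependencies,
    ...e.optionalDependencies, ...(withDev ? e.devDependencies : {}) });
  const chains = [];
  for (const direct of depsOf(packages[""] || {}, true)) {
    const start = resolveDep(packages, "", direct);
    if (!start) continue;
    const queue = [[start, [direct]]];
    const seen = new Set([start]); // guards against dependency cycles
    while (queue.length) {
      const [path, chain] = queue.shift();
      if (chain[chain.length - 1] === target) { chains.push(chain.join(" > ")); break; }
      for (const name of depsOf(packages[path], false)) {
        const next = resolveDep(packages, path, name);
        if (next && !seen.has(next)) { seen.add(next); queue.push([next, [...chain, name]]); }
      }
    }
  }
  return chains;
}

// Constructed lockfile mirroring the audit path; "other-lib" is hypothetical.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { dependencies: { "ng2-logger": "*", "other-lib": "*" } },
  "node_modules/ng2-logger": { dependencies: { "tnp-cli": "*" } },
  "node_modules/tnp-cli": { dependencies: { "tnp-config": "*" } },
  "node_modules/tnp-config": { dependencies: { "tnp-core": "*" } },
  "node_modules/tnp-core": { dependencies: { "copy-paste": "*" } },
  "node_modules/copy-paste": { dependencies: { "sync-exec": "*" } },
  "node_modules/copy-paste/node_modules/sync-exec": {},
  "node_modules/other-lib": {},
} };
console.log(findChains(sampleLock, "sync-exec"));
```

To run it on a real project, pass the parsed package-lock.json in place of `sampleLock`. An empty result means no dependency chain in the lockfile reaches the package.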