patch-package

2 low severity vulnerabilities

Open gomezger opened this issue 4 months ago • 1 comment

Problem Description

Running npm audit reports vulnerabilities in the tmp dependency, which is indirectly required by patch-package.

Audit Log

# npm audit report

tmp  

Impact

  • patch-package depends on a vulnerable version of tmp.
  • No fix is currently available.
  • This raises security warnings when installing dependencies.

Steps to Reproduce

  1. Install dependencies with npm install
  2. Run npm audit
  3. See the reported vulnerability in tmp

Expected Behavior

  • patch-package should update the tmp dependency to a secure version or provide a workaround.

Environment

  • Node.js: 20

gomezger, Sep 03 '25 13:09

dupe of #577

FabianFrank, Sep 04 '25 20:09