npm-audit-html depends on vulnerable versions of marked

Open jwtd opened this issue 4 years ago • 1 comments

npm-audit-html is being flagged by...npm audit :D

Not a production dependency for me, but wanted to share.

$ npm audit
# npm audit report

marked  1.1.1 - 1.2.9
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1623
fix available via `npm audit fix`
node_modules/marked
  npm-audit-html  >=1.4.2
  Depends on vulnerable versions of marked
  node_modules/npm-audit-html

jwtd, Feb 24 '21 17:02

Heya! I see a PR has been opened for this issue but the tests seem to be failing. Is anyone on the team able to take a look?

whoisbob, Jan 31 '22 14:01