Getting Vulnerability Reported from NPM

Open Dave3of5 opened this issue 6 years ago • 2 comments

I'm getting a vulnerability reported when running npm audit with v 0.5.9:

                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  Moderate        Sandbox Breakout / Arbitrary Code Execution

  Package         static-eval

  Patched in      No patch available

  Dependency of   datamaps [dev]

  Path            datamaps > topojson > d3-geo-projection > brfs >
                  static-module > static-eval

  More info       https://nodesecurity.io/advisories/758

found 1 moderate severity vulnerability in 92222 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Seems to be coming from topojson. Would you be able to update this dependency?

Dave3of5, Feb 18 '19 10:02

Any plans to get this vulnerability resolved?

gaurav-quasar, Feb 27 '19 15:02

@markmarkoh Did you get the notification for this?

Dave3of5, Mar 06 '19 11:03