google-translate-api

npm audit vulnerability

Open jfoclpf opened this issue 6 years ago • 3 comments

Just FYI

                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Sandbox Breakout                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ safe-eval                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.4.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ google-translate-api                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ google-translate-api > safe-eval                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/337                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 critical severity vulnerability in 1334 scanned packages

Can you avoid using safe-eval at index.js, line 73? https://github.com/matheuss/google-translate-api/blob/master/index.js#L73

jfoclpf, Jan 01 '19 23:01

@jfoclpf Hello Friend! Go to the fork of this repository, which is now actively supported: https://github.com/vitalets/google-translate-api

brolnickij, Jan 21 '19 16:01

thanks @brolnickij

jfoclpf, Jan 21 '19 17:01

Indeed so, as this dependency has been removed altogether from that repo.

rawr51919, Mar 19 '19 13:03