High Severity - npm audit security issue: Arbitrary File Overwrite
The npm module `hippie`, installed as v0.5.2, returned an npm audit security vulnerability threat on `npm install`. I did not find the `tar` dependency inside the hippie module in the project. Is there any solution for this vulnerability? Thanks.
Following is the npm audit report.

```
=== npm audit security report ===

Manual Review
Some vulnerabilities require your attention to resolve

Visit https://go.npm.me/audit-guide for additional guidance

High            Arbitrary File Overwrite
Package         tar
Patched in      >=4.4.2
Dependency of   hippie [dev]
Path            hippie > npm > libcipm > npm-lifecycle > node-gyp > tar
More info       https://npmjs.com/advisories/803

High            Arbitrary File Overwrite
Package         tar
Patched in      >=4.4.2
Dependency of   hippie [dev]
Path            hippie > npm > libnpm > npm-lifecycle > node-gyp > tar
More info       https://npmjs.com/advisories/803

High            Arbitrary File Overwrite
Package         tar
Patched in      >=4.4.2
Dependency of   hippie [dev]
Path            hippie > npm > node-gyp > tar
More info       https://npmjs.com/advisories/803

High            Arbitrary File Overwrite
Package         tar
Patched in      >=4.4.2
Dependency of   hippie [dev]
Path            hippie > npm > npm-lifecycle > node-gyp > tar
More info       https://npmjs.com/advisories/803

found 4 high severity vulnerabilities in 13578 scanned packages
  4 vulnerabilities require manual review. See the full report for details.
```
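An added example, not code from the hippie project or from anyone in this thread: it summarises an `npm audit --json` report so that the four High rows above collapse into one advisory reached through one transitive package. The npm 6 JSON layout (advisories keyed by id, each with `module_name`, `patched_versions` and `findings` carrying `version` and `paths`) is assumed, the sample report is constructed, and the tar version 4.4.1 is an assumed unpatched value since the thread does not state the installed version.

```javascript
// Constructed sample in the assumed `npm audit --json` (npm 6) layout, mirroring
// the four findings in the issue. tar 4.4.1 is an assumed, unpatched version.
const sampleAudit = {
  advisories: {
    803: {
      id: 803,
      module_name: 'tar',
      patched_versions: '>=4.4.2',
      findings: [{
        version: '4.4.1',
        paths: [
          'hippie>npm>libcipm>npm-lifecycle>node-gyp>tar',
          'hippie>npm>libnpm>npm-lifecycle>node-gyp>tar',
          'hippie>npm>node-gyp>tar',
          'hippie>npm>npm-lifecycle>node-gyp>tar',
        ],
      }],
    },
  },
};

// Compare dotted numeric versions (no prerelease tags): <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Only the ">=x.y.z" range form used by this advisory is handled here.
function isPatched(version, range) {
  const m = /^>=\s*([\d.]+)$/.exec(range);
  if (!m) throw new Error(`unsupported range: ${range}`);
  return compareVersions(version, m[1]) >= 0;
}

// One row per advisory: path count, the package(s) pulling the module in, still vulnerable or not.
function summarizeAudit(report) {
  return Object.values(report.advisories).map(adv => {
    const paths = adv.findings.flatMap(f => f.paths);
    const parents = [...new Set(paths.map(p => p.split('>').slice(-2, -1)[0]))];
    const vulnerable = adv.findings.some(f => !isPatched(f.version, adv.patched_versions));
    return { id: adv.id, module: adv.module_name, pathCount: paths.length, parents, vulnerable };
  });
}

console.log(summarizeAudit(sampleAudit)); // one row: tar via node-gyp, 4 paths, vulnerable
```

The four report rows reduce to one package (`tar`) pulled in by one parent (`node-gyp`), which is why a single transitive bump to a patched version clears all of them.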
Workaround: `npm audit fix` helped in my case.
`tar` is a dependency due to

```
└─┬ [email protected]
  └─┬ [email protected]
    └─┬ [email protected]
      └─┬ [email protected]
        └── [email protected]
```

So it seems the latest npm is causing this vulnerability.

Edit: I filed an issue at npm.