jsonlint
avoid arbitrary code execution in "underscore" dependency
jsonlint -> nomnom -> underscore
Underscore has an arbitrary code execution vulnerability, per the link below.
https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
One solution is to "rm package-lock.json" before building. This file is the lock file that "npm install" left behind.
More details:
```
/jsonlint # npm audit
underscore 1.3.2 - 1.12.0
Severity: high
Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
fix available via npm audit fix
node_modules/underscore
nomnom >=1.6.0
Depends on vulnerable versions of underscore
node_modules/nomnom
2 high severity vulnerabilities
To address all issues, run: npm audit fix
```
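The following is an added example, not part of the original issue or of jsonlint's code: a lockfile check that reports every pinned copy of underscore and whether it falls in the 1.3.2 - 1.12.0 range from the audit output above. The function names and both sample lockfiles are constructed for illustration.

```javascript
// Vulnerable range reported by `npm audit` on this page: underscore 1.3.2 - 1.12.0.
const VULN_MIN = [1, 3, 2];
const VULN_MAX = [1, 12, 0];

// Parse "1.8.3" into [1, 8, 3]; pre-release/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function isVulnerable(version) {
  const v = parseVersion(version);
  return v !== null && cmp(v, VULN_MIN) >= 0 && cmp(v, VULN_MAX) <= 0;
}

// Collect every locked copy of underscore from either lockfile layout:
// v2/v3 "packages" (keyed by install path) or v1 nested "dependencies".
function findUnderscore(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/underscore" || path.endsWith("/node_modules/underscore")) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === "underscore") hits.push({ path: here.join(" > "), version: meta.version });
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []); // v2 duplicates both trees; read one
  return hits.map((h) => ({ ...h, vulnerable: isVulnerable(h.version) }));
}

// Constructed sample lockfiles (not taken from the jsonlint repository).
const sampleV1 = { dependencies: { nomnom: { version: "1.8.1", dependencies: { underscore: { version: "1.6.0" } } } } };
const sampleV3 = { packages: {
  "node_modules/nomnom": { version: "1.8.1" },
  "node_modules/underscore": { version: "1.13.6" },
} };
console.log(findUnderscore(sampleV1), findUnderscore(sampleV3));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findUnderscore` and fail the build if any entry has `vulnerable: true`.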