
We found a potential security vulnerability in one of your dependencies

I uploaded my Node.js project to GitHub and used MongoDB. Now it's showing "1 mongoose vulnerability found in package-lock.json". I tried to fix the issue using the "npm audit fix" command, and it's showing:

```
npm WARN contact_list@1.0.0 No repository field.

removed 1 package in 0.767s

2 packages are looking for funding
  run npm fund for details

fixed 0 of 0 vulnerabilities in 94 scanned packages
```

So where is the problem?

GitHub, npm, Snyk and WhiteSource each have their own list of vulnerabilities. Most they have in common, but some are only detected by specific tools. This has been a big frustration of mine.

GitHub uses Dependabot to check your dependencies. Fortunately, Dependabot can also fix the detected vulnerability for you or tell you exactly what command to execute.
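
When GitHub flags a package that `npm audit` reports as clean, a useful first check is which versions of that package `package-lock.json` actually pins, so they can be compared with the affected range shown in the GitHub alert. The Node.js script below is an added example, not part of the original question or answers; the sample lockfile, the `example-plugin` package and all version numbers in it are constructed.

```javascript
// Added example: list every place one package is pinned in package-lock.json.
// Handles the nested "dependencies" tree (lockfileVersion 1) and the flat
// "packages" map (lockfileVersion 2 and 3).
function findLockedVersions(lock, name) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      hits.push({ version: entry.version, path });
    }
  }
  const walk = (deps, trail) => {
    for (const [dep, entry] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${dep}`;
      // lockfileVersion 2 stores both views; skip paths already recorded.
      if (dep === name && !hits.some((h) => h.path === path)) {
        hits.push({ version: entry.version, path });
      }
      walk(entry.dependencies, `${path}/`); // copies nested under a dependent
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from the question): mongoose is pinned
// twice, once at the top level and once nested under a hypothetical plugin.
const SAMPLE_LOCK = {
  name: "contact_list",
  version: "1.0.0",
  lockfileVersion: 1,
  dependencies: {
    mongoose: { version: "5.0.0" },
    "example-plugin": {
      version: "1.2.3",
      dependencies: { mongoose: { version: "4.0.0" } },
    },
  },
};

// Usage: node find-locked.js [path/to/package-lock.json] [package-name]
const lock = process.argv[2]
  ? JSON.parse(require("fs").readFileSync(process.argv[2], "utf8"))
  : SAMPLE_LOCK;
for (const hit of findLockedVersions(lock, process.argv[3] || "mongoose")) {
  console.log(`${hit.version}\t${hit.path}`);
}
```

A nested copy at an older version is a common reason for an alert to persist after the top-level dependency has been updated.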
