I uploaded my node.js project on github and used mongoDB. now its showing "1 mongose vulnerability found in package-lock.json " I tried to fix the issue using "npm audit fix" command it's showing
**npm WARN contact_list@1.0.0 No repository field.
removed 1 package in 0.767s
2 packages are looking for funding run npm fund
for details
fixed 0 of 0 vulnerabilities in 94 scanned packages**
so where is the problem?
GitHub and npm and snyk and white source each have their own list of vulnerabilities. Most they have in common, but some are only detected by specific tools. This has been a big frustration of mine
GitHub uses Dependabot to check your dependencies. Fortunately Dependabot can also fix the detected vulnerability for you or tell you exactly what command do execute.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.