$ npm audit --summary
# audit summary
41 total vulnerabilities found.
## direct dependencies
8: eslint-watch [dev]
8: gulp [dev]
17: react-scripts [dev]
4: jest [dev]
4: jest-cli [dev]
## effected packages
16: hoek
4: sshpk
4: tough-cookie
13: deep-extend
4: debug
## vulnerabilities
29: prototype pollution
12: regular expression denial of service
Created
May 10, 2018 17:52
-
-
Save kalisjoshua/9aebf14dcf3c1d80503a18631e55f95f to your computer and use it in GitHub Desktop.
npm audit added functionality - summary
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const fs = require('fs') | |
| const file = './audit.log' | |
| const start = (q) => /^β[β]+β¬[β]+β$/.test(q) | |
| const split = (q) => /^β[β]+βΌ[β]+β€$/.test(q) | |
| const close = (q) => /^β[β]+β΄[β]+β$/.test(q) | |
| const audit = fs.readFileSync(file, 'utf-8') | |
| .split(/\n/g) | |
| .reduce((acc, line) => { | |
| if (start(line)) { | |
| acc.open = true | |
| } else if (split(line)) { | |
| // skip line; do nothing | |
| } else if (close(line)) { | |
| acc.items.push(makeObject(acc.pending)) | |
| acc.open = false | |
| delete acc.pending | |
| acc.pending = [] | |
| } else if (acc.open) { | |
| const [a, b] = line | |
| .split('β') | |
| .map((x) => x.trim()) | |
| .filter((x) => x) | |
| if (a && b) { | |
| acc.pending.push([a, b]) | |
| } else { | |
| acc.pending[acc.pending.length - 1][1] += ' ' + a | |
| } | |
| } | |
| return acc | |
| }, {items: [], open: false, pending: []}) | |
| function makeObject(table) { | |
| const [severity, type] = table.shift() | |
| return table | |
| .reduce((acc, [key, val]) => | |
| ({...acc, [key]: val}), {severity, type}) | |
| } | |
| module.exports = audit.items |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| === npm audit security report === | |
| ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β Manual Review β | |
| β Some vulnerabilities require your attention to resolve β | |
| β β | |
| β Visit https://go.npm.me/audit-guide for additional guidance β | |
| ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β eslint-watch [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β eslint-watch > chokidar > fsevents > node-pre-gyp > request β | |
| β β > hawk > boom > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β eslint-watch [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β eslint-watch > chokidar > fsevents > node-pre-gyp > request β | |
| β β > hawk > cryptiles > boom > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β eslint-watch [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β eslint-watch > chokidar > fsevents > node-pre-gyp > request β | |
| β β > hawk > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β eslint-watch [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β eslint-watch > chokidar > fsevents > node-pre-gyp > request β | |
| β β > hawk > sntp > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β gulp [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β gulp > glob-watcher > chokidar > fsevents > node-pre-gyp > β | |
| β β request > hawk > boom > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β gulp [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β gulp > glob-watcher > chokidar > fsevents > node-pre-gyp > β | |
| β β request > hawk > cryptiles > boom > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β gulp [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β gulp > glob-watcher > chokidar > fsevents > node-pre-gyp > β | |
| β β request > hawk > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β gulp [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β gulp > glob-watcher > chokidar > fsevents > node-pre-gyp > β | |
| β β request > hawk > sntp > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack > watchpack > chokidar > fsevents > β | |
| β β node-pre-gyp > request > hawk > boom > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack > watchpack > chokidar > fsevents > β | |
| β β node-pre-gyp > request > hawk > cryptiles > boom > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack > watchpack > chokidar > fsevents > β | |
| β β node-pre-gyp > request > hawk > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack > watchpack > chokidar > fsevents > β | |
| β β node-pre-gyp > request > hawk > sntp > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack-dev-server > chokidar > fsevents > β | |
| β β node-pre-gyp > request > hawk > boom > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack-dev-server > chokidar > fsevents > β | |
| β β node-pre-gyp > request > hawk > cryptiles > boom > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack-dev-server > chokidar > fsevents > β | |
| β β node-pre-gyp > request > hawk > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β moderate β Prototype pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack-dev-server > chokidar > fsevents > β | |
| β β node-pre-gyp > request > hawk > sntp > hoek β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/566 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β high β Regular Expression Denial of Service β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β sshpk β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β eslint-watch [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β eslint-watch > chokidar > fsevents > node-pre-gyp > request β | |
| β β > http-signature > sshpk β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/606 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β high β Regular Expression Denial of Service β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β sshpk β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β gulp [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β gulp > glob-watcher > chokidar > fsevents > node-pre-gyp > β | |
| β β request > http-signature > sshpk β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/606 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β high β Regular Expression Denial of Service β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β sshpk β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack > watchpack > chokidar > fsevents > β | |
| β β node-pre-gyp > request > http-signature > sshpk β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/606 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β high β Regular Expression Denial of Service β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β sshpk β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack-dev-server > chokidar > fsevents > β | |
| β β node-pre-gyp > request > http-signature > sshpk β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/606 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β high β Regular Expression Denial of Service β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β tough-cookie β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β eslint-watch [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β eslint-watch > chokidar > fsevents > node-pre-gyp > request β | |
| β β > tough-cookie β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/525 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β high β Regular Expression Denial of Service β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β tough-cookie β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β gulp [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β gulp > glob-watcher > chokidar > fsevents > node-pre-gyp > β | |
| β β request > tough-cookie β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/525 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β high β Regular Expression Denial of Service β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β tough-cookie β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack > watchpack > chokidar > fsevents > β | |
| β β node-pre-gyp > request > tough-cookie β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/525 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β high β Regular Expression Denial of Service β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β tough-cookie β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack-dev-server > chokidar > fsevents > β | |
| β β node-pre-gyp > request > tough-cookie β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/525 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Prototype Pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β eslint-watch [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β eslint-watch > chokidar > fsevents > node-pre-gyp > rc > β | |
| β β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/612 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Prototype Pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β gulp [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β gulp > glob-watcher > chokidar > fsevents > node-pre-gyp > β | |
| β β rc > deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/612 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Prototype Pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β jest [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β jest > jest-cli > jest-haste-map > sane > fsevents > β | |
| β β node-pre-gyp > rc > deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/612 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Prototype Pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β jest [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β jest > jest-cli > jest-runner > jest-haste-map > sane > β | |
| β β fsevents > node-pre-gyp > rc > deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/612 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Prototype Pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β jest [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β jest > jest-cli > jest-runner > jest-runtime > β | |
| β β jest-haste-map > sane > fsevents > node-pre-gyp > rc > β | |
| β β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/612 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Prototype Pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β jest [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β jest > jest-cli > jest-runtime > jest-haste-map > sane > β | |
| β β fsevents > node-pre-gyp > rc > deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/612 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Prototype Pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β jest-cli [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β jest-cli > jest-haste-map > sane > fsevents > node-pre-gyp > β | |
| β β rc > deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/612 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Prototype Pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β jest-cli [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β jest-cli > jest-runner > jest-haste-map > sane > fsevents > β | |
| β β node-pre-gyp > rc > deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/612 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Prototype Pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β jest-cli [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β jest-cli > jest-runner > jest-runtime > jest-haste-map > β | |
| β β sane > fsevents > node-pre-gyp > rc > deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/612 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Prototype Pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β jest-cli [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β jest-cli > jest-runtime > jest-haste-map > sane > fsevents > β | |
| β β node-pre-gyp > rc > deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/612 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Prototype Pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > fsevents > node-pre-gyp > rc > deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/612 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Prototype Pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack > watchpack > chokidar > fsevents > β | |
| β β node-pre-gyp > rc > deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/612 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Prototype Pollution β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack-dev-server > chokidar > fsevents > β | |
| β β node-pre-gyp > rc > deep-extend β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/612 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Regular Expression Denial of Service β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β debug β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β eslint-watch [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β eslint-watch > chokidar > fsevents > node-pre-gyp > tar-pack β | |
| β β > debug β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/534 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Regular Expression Denial of Service β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β debug β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β gulp [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β gulp > glob-watcher > chokidar > fsevents > node-pre-gyp > β | |
| β β tar-pack > debug β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/534 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Regular Expression Denial of Service β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β debug β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack > watchpack > chokidar > fsevents > β | |
| β β node-pre-gyp > tar-pack > debug β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/534 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| βββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| β low β Regular Expression Denial of Service β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Package β debug β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Dependency of β react-scripts [dev] β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β Path β react-scripts > webpack-dev-server > chokidar > fsevents > β | |
| β β node-pre-gyp > tar-pack > debug β | |
| βββββββββββββββββΌβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ | |
| β More info β https://nodesecurity.io/advisories/534 β | |
| βββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| [!] 41 vulnerabilities found - Packages audited: 53797 (52984 dev, 2080 optional) | |
| Severity: 17 low | 16 moderate | 8 high |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const data = require('./audit') | |
| const format = (obj, prop) => | |
| Object.keys(obj[prop]) | |
| .reduce((acc, key) => `${acc}\n${padd(obj[prop][key])}: ${key}`, '') | |
| const padd = (n) => `${n}`.padStart(8, ' ') | |
| function summary(data) { | |
| console.log('\n# audit summary\n') | |
| console.log(`${data.length} total vulnerabilities found.`, '\n') | |
| const summary = data.reduce((acc, item) => { | |
| acc.vuln[item.type.toLowerCase()] = (acc.vuln[item.type.toLowerCase()] || 0) + 1 | |
| acc.Package[item.Package] = (acc.Package[item.Package] || 0) + 1 | |
| acc.direct[item['Dependency of']] = (acc.direct[item['Dependency of']] || 0) + 1 | |
| return acc | |
| }, {direct: {}, Package: {}, vuln: {}}) | |
| console.log('\n## direct dependencies') | |
| console.log(format(summary, 'direct'), '\n') | |
| console.log('\n## effected packages') | |
| console.log(format(summary, 'Package'), '\n') | |
| console.log('\n## vulnerabilities') | |
| console.log(format(summary, 'vuln'), '\n') | |
| } | |
| summary(data) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment