Skip to content

Getting security vulnerability after installation using 'npm i vimeo' #129

New issue
New issue
Open
Open
Getting security vulnerability after installation using 'npm i vimeo'#129
@mayuraitavadekar

Description

@mayuraitavadekar
mayuraitavadekar
opened on May 24, 2020

When I installed the library, I got following error :
npm WARN projbackend@1.0.0 No description
npm WARN projbackend@1.0.0 No repository field.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.12 (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.12: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

  • vimeo@2.1.1
    added 20 packages from 12 contributors and audited 874 packages in 10.529s

3 packages are looking for funding
run npm fund for details

found 1 low severity vulnerability
run npm audit fix to fix them, or npm audit for details

//-------------------------------------------------------------------------------------------------------------------------------

on npm audit I got following message :

                   === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-scripts │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ react-scripts > webpack-dev-server > yargs > yargs-parser │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1500
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 1895 scanned packages
1 vulnerability requires manual review. See the full report for details.

// ---------------------------------------------------------------------------------------------------------------------------------
Can Anyone please guide me on this issue?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions