dlxeon

Reputation: 2000

npm audit returns weird dependencies

Npm audit returns output with some valid warnings, but also with weird dependencies that look like random hexadecimal strings. That string changes every time I run npm audit and is identical for all packages referenced in the audit.

How can I get rid of that? Npm version is 6.8.0

High            Cross-Site Scripting (XSS)
Package         jquery
Patched in      >=3.0.0
Dependency of   28941ae593a0bfccfbff69e6c9be45d3edb864692c815174fff557331de…
Path            28941ae593a0bfccfbff69e6c9be45d3edb864692c815174fff557331de…
                >
                39e4d897653a99aeb635bac80469694d1066d648e1fc9d3ac63ded7789c…
                > jquery

More info       https://npmjs.com/advisories/328


Moderate        Prototype Pollution
Package         lodash
Patched in      >=4.17.11
Dependency of   browserify-resolutions [dev]
Path            browserify-resolutions > lodash

More info       https://npmjs.com/advisories/782

Moderate        Prototype Pollution
Package         lodash
Patched in      >=4.17.11
Dependency of   28941ae593a0bfccfbff69e6c9be45d3edb864692c815174fff557331de…
Path            28941ae593a0bfccfbff69e6c9be45d3edb864692c815174fff557331de…
                > lodash

More info       https://npmjs.com/advisories/782

Upvotes: 2

Views: 611

Answers (1)

yerabashtard

Reputation: 76

I just ran into the same issue. After looking into the npm docs, this has been resolved in version 7. I just ran npm audit using npm 7+ and it has pointed to the exact packages that are the culprit, with no hash.

Upvotes: 2
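
For triaging a report like the one in the question while still on npm 6, this added example (not part of the original posts and not npm's own code) separates findings whose dependency path contains hashed segments from those with fully named paths. It assumes the npm 6 `npm audit --json` report shape noted in the comments and that hashed names are 64 lowercase hex characters; `triageAudit` and all sample values are hypothetical.

```javascript
// Added example: split npm 6 `npm audit --json` findings into named and hashed paths.
// Assumed report shape:
//   advisories[id] = { module_name, severity, url, findings: [{ paths: ["a>b>c"] }] }
const HASHED = /^[0-9a-f]{64}$/; // assumption: hashed names are 64 lowercase hex chars

function splitPath(path) {
  return path.split('>').map((s) => s.trim()).filter(Boolean);
}

function triageAudit(report) {
  const named = [];
  const hashed = [];
  const hashedRoots = new Set();
  for (const adv of Object.values(report.advisories || {})) {
    for (const finding of adv.findings || []) {
      for (const path of finding.paths || []) {
        const segments = splitPath(path);
        // Positions in the path where the package name was replaced by a hash.
        const hashedAt = segments
          .map((s, i) => (HASHED.test(s) ? i : -1))
          .filter((i) => i >= 0);
        const entry = { module: adv.module_name, severity: adv.severity, url: adv.url, segments, hashedAt };
        if (hashedAt.length === 0) {
          named.push(entry);
        } else {
          hashed.push(entry);
          // A hashed first segment means the direct dependency itself is unnamed.
          if (hashedAt[0] === 0) hashedRoots.add(segments[0]);
        }
      }
    }
  }
  return { named, hashed, hashedRoots: [...hashedRoots] };
}

// Constructed sample mirroring the question's three findings; hash values are made up.
const ROOT = 'ab'.repeat(32);
const MID = 'cd'.repeat(32);
const sample = {
  advisories: {
    328: { module_name: 'jquery', severity: 'high', url: 'https://npmjs.com/advisories/328',
      findings: [{ paths: [`${ROOT}>${MID}>jquery`] }] },
    782: { module_name: 'lodash', severity: 'moderate', url: 'https://npmjs.com/advisories/782',
      findings: [{ paths: ['browserify-resolutions>lodash'] }, { paths: [`${ROOT}>lodash`] }] },
  },
};

const result = triageAudit(sample);
console.log(`hashed: ${result.hashed.length}, named: ${result.named.length}, hashed roots: ${result.hashedRoots.length}`);
```

A single entry in `hashedRoots` across several advisories matches the question's observation that the same string appears for every affected package within one run.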
