Lukasz Posted Friday at 02:50 PM Report Posted Friday at 02:50 PM Hello everyone I have a question after installing steam-tradeoffer-manager I got - 8 vulnerabilities (3 moderate, 5 high) Is it safe to use? Is there a fix? # npm audit report lodash.pick >=4.0.0 Severity: high Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw No fix available node_modules/lodash.pick cheerio 0.19.0 - 1.0.0-rc.12 Depends on vulnerable versions of css-select Depends on vulnerable versions of lodash.pick node_modules/cheerio steamcommunity * Depends on vulnerable versions of cheerio Depends on vulnerable versions of request node_modules/steamcommunity steam-tradeoffer-manager * Depends on vulnerable versions of steamcommunity node_modules/steam-tradeoffer-manager nth-check <2.0.1 Severity: high Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr No fix available node_modules/css-select/node_modules/nth-check css-select <=3.1.0 Depends on vulnerable versions of nth-check node_modules/css-select request * Severity: moderate Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6 Depends on vulnerable versions of tough-cookie No fix available node_modules/request tough-cookie <4.1.3 Severity: moderate tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3 No fix available node_modules/request/node_modules/tough-cookie 8 vulnerabilities (3 moderate, 5 high) Some issues need review, and may require choosing a different dependency. Quote
Dr. McKay Posted Saturday at 01:57 AM Report Posted Saturday at 01:57 AM It's fine in this case, don't worry about it. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.