Lukasz Posted March 28 Report Posted March 28 Hello everyone I have a question after installing steam-tradeoffer-manager I got - 8 vulnerabilities (3 moderate, 5 high) Is it safe to use? Is there a fix? # npm audit report lodash.pick >=4.0.0 Severity: high Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw No fix available node_modules/lodash.pick cheerio 0.19.0 - 1.0.0-rc.12 Depends on vulnerable versions of css-select Depends on vulnerable versions of lodash.pick node_modules/cheerio steamcommunity * Depends on vulnerable versions of cheerio Depends on vulnerable versions of request node_modules/steamcommunity steam-tradeoffer-manager * Depends on vulnerable versions of steamcommunity node_modules/steam-tradeoffer-manager nth-check <2.0.1 Severity: high Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr No fix available node_modules/css-select/node_modules/nth-check css-select <=3.1.0 Depends on vulnerable versions of nth-check node_modules/css-select request * Severity: moderate Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6 Depends on vulnerable versions of tough-cookie No fix available node_modules/request tough-cookie <4.1.3 Severity: moderate tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3 No fix available node_modules/request/node_modules/tough-cookie 8 vulnerabilities (3 moderate, 5 high) Some issues need review, and may require choosing a different dependency. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.