Security · aurbano/robinhood-node#116

(1 comment) (0 reactions) (0 assignees)JavaScript (696 stars) (215 forks)batch import

help wanted

説明

I downloaded the latest version 1.7.0 and noticed there were 75 vulnerabilities in this project. 27 of them were HIGH. Given the nature of this library and the potential to expose someone's financial information I wanted to mention this. I will also review the use of lodash, should, uuid, and request to make sure they are malicious.

By removing the following dev dependencies they seem to be resolved:

npm uninstall ava
npm uninstall coveralls
npm uninstall nyc
npm unisntall standard-version

コントリビューターガイド

技術スタック: nodejsjavascript
領域: security
Issue 種別: security
難度: 2
推定時間: 1-3 hours
活動状況: stale
明確さ: mostly clear
前提条件: npmdependency management
初心者向け度: 75
調査方針: Run `npm audit` to confirm vulnerabilities in the current dependencies. Examine package.json to evaluate the suggested removal of ava, coveralls, nyc, and standard version. Update package.json and package lock.json to remove these dev dependencies if safe, or update to patched versions. Check the repository's existing security policies.