aurbano/robinhood-node

Security

Open

#116 aberto em 26 de nov. de 2020

Ver no GitHub
 (1 comment) (0 reactions) (0 assignees)JavaScript (215 forks)batch import
help wanted

Métricas do repositório

Stars
 (696 stars)
Métricas de merge de PR
 (Nenhuma PRs mesclada em 30d)

Description

I downloaded the latest version 1.7.0 and noticed there were 75 vulnerabilities in this project. 27 of them were HIGH. Given the nature of this library and the potential to expose someone's financial information I wanted to mention this. I will also review the use of lodash, should, uuid, and request to make sure they are malicious.

By removing the following dev dependencies they seem to be resolved:

npm uninstall ava
npm uninstall coveralls
npm uninstall nyc
npm unisntall standard-version

Guia do colaborador