Skip to content
This repository has been archived by the owner on Nov 27, 2023. It is now read-only.

Security #116

Open
TyeS2K opened this issue Nov 26, 2020 · 1 comment
Open

Security #116

TyeS2K opened this issue Nov 26, 2020 · 1 comment
Labels
help wanted

Comments

@TyeS2K
Copy link

TyeS2K commented Nov 26, 2020

I downloaded the latest version 1.7.0 and noticed there were 75 vulnerabilities in this project. 27 of them were HIGH. Given the nature of this library and the potential to expose someone's financial information I wanted to mention this. I will also review the use of lodash, should, uuid, and request to make sure they are malicious.

By removing the following dev dependencies they seem to be resolved:

npm uninstall ava
npm uninstall coveralls
npm uninstall nyc
npm unisntall standard-version
@aurbano
Copy link
Owner

aurbano commented Dec 10, 2020

Good points! Feel free to send a PR with all the potential dependency cleanup you find after reviewing :)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aurbano @TyeS2K