Followed the move to this isolated PerfViewJS project (good idea to isolate issues & dev progress). Did an `npm install` and it showed an audit with 57 vulns (2 critical, 16 high). I tried an `npm audit fix --force` and that doesn't work. Need some help on this one from original authors.
# npm audit report
acorn <5.7.4
Severity: moderate
Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) - https://github.com/advisories/GHSA-7fhm-mqm4-2wp7
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/acorn-globals/node_modules/acorn
node_modules/jsdom/node_modules/acorn
node_modules/react-scripts/node_modules/acorn-jsx/node_modules/acorn
node_modules/webpack/node_modules/acorn
acorn-globals <=3.1.0
Depends on vulnerable versions of acorn
node_modules/acorn-globals
acorn-jsx 0.7.1-2 - 3.0.1
Depends on vulnerable versions of acorn
node_modules/react-scripts/node_modules/acorn-jsx
espree 3.0.0-alpha-1 - 3.5.4
Depends on vulnerable versions of acorn-jsx
node_modules/react-scripts/node_modules/espree
eslint 2.0.0-alpha-1 - 4.19.1
Depends on vulnerable versions of espree
node_modules/react-scripts/node_modules/eslint
eslint-config-react-app 0.1.0 - 3.0.0-next.fb6e6f70
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-plugin-jsx-a11y
Depends on vulnerable versions of eslint-plugin-react
node_modules/react-scripts/node_modules/eslint-config-react-app
react-scripts 0.1.0 - 4.0.0-next.117
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of eslint-plugin-import
Depends on vulnerable versions of eslint-plugin-jsx-a11y
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of jest
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of url-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
eslint-plugin-import 1.0.0-beta.0 - 2.12.0
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-module-utils
node_modules/react-scripts/node_modules/eslint-plugin-import
eslint-plugin-jsx-a11y 1.5.4 - 6.0.3
Depends on vulnerable versions of eslint
node_modules/react-scripts/node_modules/eslint-plugin-jsx-a11y
eslint-plugin-react 6.0.0-alpha.1 - 7.9.1
Depends on vulnerable versions of eslint
node_modules/react-scripts/node_modules/eslint-plugin-react
jsdom 3.1.2 - 11.2.0
Depends on vulnerable versions of acorn
node_modules/jsdom
jest-environment-jsdom 10.0.2 - 21.3.0-beta.8
Depends on vulnerable versions of jsdom
node_modules/jest-environment-jsdom
jest-cli 0.5.5 - 24.1.0
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-resolve
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of node-notifier
Depends on vulnerable versions of sane
Depends on vulnerable versions of yargs
node_modules/jest-cli
jest 13.3.0-alpha.4eb0c908 - 23.6.0
Depends on vulnerable versions of jest-cli
node_modules/jest
jest-config 12.1.1-alpha.2935e14d - 21.3.0-beta.8
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-resolve
node_modules/jest-config
jest-runtime 12.1.1-alpha.2935e14d - 24.0.0-alpha.16
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of babel-plugin-istanbul
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-resolve
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of yargs
node_modules/jest-runtime
webpack 0.11.0-beta1 - 2.3.3
Depends on vulnerable versions of acorn
Depends on vulnerable versions of optimist
node_modules/webpack
ansi-html *
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ansi-html
react-dev-utils 0.2.0 - 11.0.3
Depends on vulnerable versions of ansi-html
node_modules/react-dev-utils
react-scripts 0.1.0 - 4.0.0-next.117
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of eslint-plugin-import
Depends on vulnerable versions of eslint-plugin-jsx-a11y
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of jest
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of url-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
braces <2.3.1
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/braces
micromatch 0.2.0 - 2.3.11
Depends on vulnerable versions of braces
Depends on vulnerable versions of parse-glob
node_modules/micromatch
anymatch 1.2.0 - 1.3.2
Depends on vulnerable versions of micromatch
node_modules/anymatch
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of glob-parent
node_modules/chokidar
watchpack 0.2.2 - 1.6.1
Depends on vulnerable versions of chokidar
node_modules/watchpack
http-proxy-middleware 0.3.0 - 0.17.4
Depends on vulnerable versions of micromatch
node_modules/http-proxy-middleware
react-scripts 0.1.0 - 4.0.0-next.117
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of eslint-plugin-import
Depends on vulnerable versions of eslint-plugin-jsx-a11y
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of jest
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of url-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
webpack-dev-server <=3.1.10
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of open
Depends on vulnerable versions of optimist
node_modules/webpack-dev-server
jest-haste-map 16.1.0-alpha.691b0e22 - 24.0.0
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of sane
node_modules/jest-haste-map
jest-cli 0.5.5 - 24.1.0
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-resolve
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of node-notifier
Depends on vulnerable versions of sane
Depends on vulnerable versions of yargs
node_modules/jest-cli
jest 13.3.0-alpha.4eb0c908 - 23.6.0
Depends on vulnerable versions of jest-cli
node_modules/jest
jest-resolve 18.1.0 - 19.0.2
Depends on vulnerable versions of jest-haste-map
node_modules/jest-resolve
jest-config 12.1.1-alpha.2935e14d - 21.3.0-beta.8
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-resolve
node_modules/jest-config
jest-runtime 12.1.1-alpha.2935e14d - 24.0.0-alpha.16
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of babel-plugin-istanbul
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-resolve
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of yargs
node_modules/jest-runtime
jest-resolve-dependencies 18.1.0
Depends on vulnerable versions of jest-resolve
node_modules/jest-resolve-dependencies
test-exclude <=4.2.3
Depends on vulnerable versions of micromatch
node_modules/test-exclude
babel-plugin-istanbul <=5.0.0
Depends on vulnerable versions of test-exclude
node_modules/babel-plugin-istanbul
babel-jest 14.2.0-alpha.ca8bfb6e - 24.0.0-alpha.16
Depends on vulnerable versions of babel-plugin-istanbul
node_modules/babel-jest
color-string <1.5.5
Severity: moderate
Regular Expression Denial of Service (ReDOS) - https://github.com/advisories/GHSA-257v-vj4p-3w2h
fix available via `npm audit fix`
node_modules/color-string
color <=0.11.4
Depends on vulnerable versions of color-string
node_modules/color
colormin *
Depends on vulnerable versions of color
node_modules/colormin
postcss-colormin <=2.2.2
Depends on vulnerable versions of colormin
node_modules/postcss-colormin
cssnano <=3.10.0
Depends on vulnerable versions of postcss-colormin
Depends on vulnerable versions of postcss-svgo
node_modules/cssnano
debug <2.6.9
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/react-scripts/node_modules/eslint-module-utils/node_modules/debug
eslint-module-utils 1.0.0-beta.0 - 2.0.0
Depends on vulnerable versions of debug
node_modules/react-scripts/node_modules/eslint-module-utils
eslint-plugin-import 1.0.0-beta.0 - 2.12.0
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-module-utils
node_modules/react-scripts/node_modules/eslint-plugin-import
react-scripts 0.1.0 - 4.0.0-next.117
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of eslint-plugin-import
Depends on vulnerable versions of eslint-plugin-jsx-a11y
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of jest
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of url-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/chokidar/node_modules/glob-parent
node_modules/glob-base/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of anymatch
Depends on vulnerable versions of glob-parent
node_modules/chokidar
watchpack 0.2.2 - 1.6.1
Depends on vulnerable versions of chokidar
node_modules/watchpack
glob-base *
Depends on vulnerable versions of glob-parent
node_modules/glob-base
parse-glob >=2.1.0
Depends on vulnerable versions of glob-base
node_modules/parse-glob
micromatch 0.2.0 - 2.3.11
Depends on vulnerable versions of braces
Depends on vulnerable versions of parse-glob
node_modules/micromatch
anymatch 1.2.0 - 1.3.2
Depends on vulnerable versions of micromatch
node_modules/anymatch
http-proxy-middleware 0.3.0 - 0.17.4
Depends on vulnerable versions of micromatch
node_modules/http-proxy-middleware
react-scripts 0.1.0 - 4.0.0-next.117
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of eslint-plugin-import
Depends on vulnerable versions of eslint-plugin-jsx-a11y
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of jest
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of url-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
webpack-dev-server <=3.1.10
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of open
Depends on vulnerable versions of optimist
node_modules/webpack-dev-server
jest-haste-map 16.1.0-alpha.691b0e22 - 24.0.0
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of sane
node_modules/jest-haste-map
jest-cli 0.5.5 - 24.1.0
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-resolve
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of node-notifier
Depends on vulnerable versions of sane
Depends on vulnerable versions of yargs
node_modules/jest-cli
jest 13.3.0-alpha.4eb0c908 - 23.6.0
Depends on vulnerable versions of jest-cli
node_modules/jest
jest-resolve 18.1.0 - 19.0.2
Depends on vulnerable versions of jest-haste-map
node_modules/jest-resolve
jest-config 12.1.1-alpha.2935e14d - 21.3.0-beta.8
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-resolve
node_modules/jest-config
jest-runtime 12.1.1-alpha.2935e14d - 24.0.0-alpha.16
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of babel-plugin-istanbul
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-resolve
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of yargs
node_modules/jest-runtime
jest-resolve-dependencies 18.1.0
Depends on vulnerable versions of jest-resolve
node_modules/jest-resolve-dependencies
test-exclude <=4.2.3
Depends on vulnerable versions of micromatch
node_modules/test-exclude
babel-plugin-istanbul <=5.0.0
Depends on vulnerable versions of test-exclude
node_modules/babel-plugin-istanbul
babel-jest 14.2.0-alpha.ca8bfb6e - 24.0.0-alpha.16
Depends on vulnerable versions of babel-plugin-istanbul
node_modules/babel-jest
is-svg 2.1.0 - 4.2.1
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-7r28-3m3f-r2pr
fix available via `npm audit fix`
node_modules/is-svg
js-yaml <=3.13.0
Severity: high
Denial of Service in js-yaml - https://github.com/advisories/GHSA-2pr6-76vf-7546
Code Injection in js-yaml - https://github.com/advisories/GHSA-8j8c-7jfh-h6hx
fix available via `npm audit fix`
node_modules/svgo/node_modules/js-yaml
svgo 0.4.2 - 1.0.5
Depends on vulnerable versions of js-yaml
node_modules/svgo
postcss-svgo <=2.1.6
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
cssnano <=3.10.0
Depends on vulnerable versions of postcss-colormin
Depends on vulnerable versions of postcss-svgo
node_modules/cssnano
merge <2.1.1
Severity: high
Prototype Pollution in merge - https://github.com/advisories/GHSA-7wpw-2hjm-89gp
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/merge
exec-sh <=0.3.1
Depends on vulnerable versions of merge
node_modules/exec-sh
sane 1.0.4 - 4.0.1
Depends on vulnerable versions of exec-sh
node_modules/sane
jest-cli 0.5.5 - 24.1.0
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-resolve
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of node-notifier
Depends on vulnerable versions of sane
Depends on vulnerable versions of yargs
node_modules/jest-cli
jest 13.3.0-alpha.4eb0c908 - 23.6.0
Depends on vulnerable versions of jest-cli
node_modules/jest
react-scripts 0.1.0 - 4.0.0-next.117
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of eslint-plugin-import
Depends on vulnerable versions of eslint-plugin-jsx-a11y
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of jest
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of url-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
jest-haste-map 16.1.0-alpha.691b0e22 - 24.0.0
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of sane
node_modules/jest-haste-map
jest-resolve 18.1.0 - 19.0.2
Depends on vulnerable versions of jest-haste-map
node_modules/jest-resolve
jest-config 12.1.1-alpha.2935e14d - 21.3.0-beta.8
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-resolve
node_modules/jest-config
jest-runtime 12.1.1-alpha.2935e14d - 24.0.0-alpha.16
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of babel-plugin-istanbul
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-resolve
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of yargs
node_modules/jest-runtime
jest-resolve-dependencies 18.1.0
Depends on vulnerable versions of jest-resolve
node_modules/jest-resolve-dependencies
mime <1.4.1
Severity: moderate
Regular Expression Denial of Service in mime - https://github.com/advisories/GHSA-wrvr-8mpx-r7pp
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/mime
url-loader 0.5.5 - 0.5.9
Depends on vulnerable versions of mime
node_modules/url-loader
react-scripts 0.1.0 - 4.0.0-next.117
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of eslint-plugin-import
Depends on vulnerable versions of eslint-plugin-jsx-a11y
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of jest
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of url-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
minimist <=1.2.1
Severity: moderate
Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) - https://github.com/advisories/GHSA-7fhm-mqm4-2wp7
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/optimist/node_modules/minimist
optimist >=0.6.0
Depends on vulnerable versions of minimist
node_modules/optimist
webpack 0.11.0-beta1 - 2.3.3
Depends on vulnerable versions of acorn
Depends on vulnerable versions of optimist
node_modules/webpack
react-scripts 0.1.0 - 4.0.0-next.117
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of eslint-plugin-import
Depends on vulnerable versions of eslint-plugin-jsx-a11y
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of jest
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of url-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
webpack-dev-server <=3.1.10
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of open
Depends on vulnerable versions of optimist
node_modules/webpack-dev-server
node-notifier <8.0.1
Severity: moderate
OS Command Injection in node-notifier - https://github.com/advisories/GHSA-5fw9-fq32-wv5p
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/node-notifier
jest-cli 0.5.5 - 24.1.0
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-resolve
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of node-notifier
Depends on vulnerable versions of sane
Depends on vulnerable versions of yargs
node_modules/jest-cli
jest 13.3.0-alpha.4eb0c908 - 23.6.0
Depends on vulnerable versions of jest-cli
node_modules/jest
react-scripts 0.1.0 - 4.0.0-next.117
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of eslint-plugin-import
Depends on vulnerable versions of eslint-plugin-jsx-a11y
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of jest
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of url-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
open <6.0.0
Severity: critical
Command Injection in open - https://github.com/advisories/GHSA-28xh-wpgr-7fm8
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/open
webpack-dev-server <=3.1.10
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of open
Depends on vulnerable versions of optimist
node_modules/webpack-dev-server
react-scripts 0.1.0 - 4.0.0-next.117
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of eslint-plugin-import
Depends on vulnerable versions of eslint-plugin-jsx-a11y
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of jest
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of url-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
react-dev-utils 0.2.0 - 11.0.3
Severity: high
Improper Neutralization of Special Elements used in an OS Command. - https://github.com/advisories/GHSA-5q6m-3h65-w53x
Depends on vulnerable versions of ansi-html
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/react-dev-utils
react-scripts 0.1.0 - 4.0.0-next.117
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of eslint-plugin-import
Depends on vulnerable versions of eslint-plugin-jsx-a11y
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of jest
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of url-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
webpack-dev-server <=3.1.10
Severity: critical
Missing Origin Validation in webpack-dev-server - https://github.com/advisories/GHSA-cf66-xwfp-gvc4
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of open
Depends on vulnerable versions of optimist
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/webpack-dev-server
react-scripts 0.1.0 - 4.0.0-next.117
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of eslint-plugin-import
Depends on vulnerable versions of eslint-plugin-jsx-a11y
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of jest
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of url-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
yargs-parser <=5.0.0
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/yargs-parser
yargs 4.0.0-alpha1 - 7.0.0-alpha.3 || 7.1.1
Depends on vulnerable versions of yargs-parser
node_modules/yargs
jest-cli 0.5.5 - 24.1.0
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-environment-jsdom
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-resolve
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of node-notifier
Depends on vulnerable versions of sane
Depends on vulnerable versions of yargs
node_modules/jest-cli
jest 13.3.0-alpha.4eb0c908 - 23.6.0
Depends on vulnerable versions of jest-cli
node_modules/jest
react-scripts 0.1.0 - 4.0.0-next.117
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of eslint-plugin-import
Depends on vulnerable versions of eslint-plugin-jsx-a11y
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of jest
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of url-loader
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
jest-runtime 12.1.1-alpha.2935e14d - 24.0.0-alpha.16
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of babel-plugin-istanbul
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-resolve
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of yargs
node_modules/jest-runtime
57 vulnerabilities (10 low, 29 moderate, 16 high, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force