
NPM Audit Security report #391

Closed
dsemenovsky opened this issue Sep 21, 2020 · 3 comments

Comments

@dsemenovsky

Steps to reproduce the behavior:
Install react-images as a dependency

Expected behavior:
Expected to have npm audit passing.

Actual behavior:

                       === npm audit security report ===                        
                                                                                
                                                                                
                                 Manual Review                                  
             Some vulnerabilities require your attention to resolve             
                                                                                
          Visit https://go.npm.me/audit-guide for additional guidance           
                                                                                
                                                                                
  Low             Denial of Service                                             
                                                                                
  Package         node-fetch                                                    
                                                                                
  Patched in      >=2.6.1 <3.0.0-beta.1|| >= 3.0.0-beta.9                       
                                                                                
  Dependency of   react-images [dev]                                            
                                                                                
  Path            react-images > glam > fbjs > isomorphic-fetch > node-fetch    
                                                                                
  More info       https://npmjs.com/advisories/1556  
@davwheat
Collaborator

davwheat commented Sep 21, 2020

Please read the README.

I'm thinking of creating my own version of this library, though.

⚠️ Warning!

Don't use this in a new project. This package hasn't been properly maintained in a long time and there are much better options available.

Instead, try...

@davwheat
Collaborator

davwheat commented Feb 9, 2021

@dsemenovsky Turns out this is a dev dependency used for the docs. This does not affect the package itself.

@davwheat davwheat closed this as completed Feb 9, 2021
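The claim above (the vulnerable path only reaches node-fetch through a dev dependency, so consumers are not exposed) is something a practitioner can check mechanically instead of taking on trust: walk the audit path hop by hop and see which package.json section of each parent declares the next package. The script below is an added example, not code from react-images or from npm; the manifests and the audit document it reads are constructed to mirror advisory 1556 from the report above, and the audit JSON shape (`advisories[id].findings[].paths`, hops joined by `>`) is assumed to be npm 6's `npm audit --json` layout.

```javascript
// Added example: verify whether an npm audit path is reachable at runtime by a consumer
// of the top-level package, or is cut off by a devDependencies hop. Inputs are constructed.
const EDGE_KINDS = ["dependencies", "optionalDependencies", "peerDependencies", "devDependencies"];
const RUNTIME_KINDS = new Set(["dependencies", "optionalDependencies", "peerDependencies"]);

// Which dependency section of `parent` declares `child`? Returns "unknown" if none (or no manifest).
function edgeKind(parentManifest, child) {
  return EDGE_KINDS.find((k) => parentManifest && parentManifest[k] && child in parentManifest[k]) || "unknown";
}

// Walk "a > b > c" (spaces optional). Verdict: "runtime" if every hop is a runtime edge,
// "dev-only" if the first non-runtime hop is a devDependency, "unverified" if a hop cannot
// be resolved from the manifests (an unknown hop is never treated as safe).
function classifyPath(pathStr, manifests) {
  const names = pathStr.split(">").map((s) => s.trim()).filter(Boolean);
  const hops = [];
  let verdict = "runtime";
  let blockedAt = null;
  for (let i = 0; i + 1 < names.length; i++) {
    const hop = { from: names[i], to: names[i + 1], kind: edgeKind(manifests[names[i]], names[i + 1]) };
    hops.push(hop);
    if (blockedAt === null && !RUNTIME_KINDS.has(hop.kind)) {
      blockedAt = hop;
      verdict = hop.kind === "devDependencies" ? "dev-only" : "unverified";
    }
  }
  return { path: names, hops, verdict, blockedAt };
}

// One row per reported path in an npm 6 style audit document (assumed shape, see lead-in).
function reviewAudit(audit, manifests) {
  const rows = [];
  for (const [id, adv] of Object.entries(audit.advisories || {})) {
    for (const finding of adv.findings || []) {
      for (const p of finding.paths || []) {
        const c = classifyPath(p, manifests);
        rows.push({ id, module: adv.module_name, patched: adv.patched_versions, path: p,
          verdict: c.verdict, blockedAt: c.blockedAt });
      }
    }
  }
  return rows;
}

// Constructed manifests (stand-ins for node_modules/<name>/package.json) matching the maintainer's claim.
const manifests = {
  "react-images": { devDependencies: { glam: "*" } },
  glam: { dependencies: { fbjs: "*" } },
  fbjs: { dependencies: { "isomorphic-fetch": "*" } },
  "isomorphic-fetch": { dependencies: { "node-fetch": "*" } },
};
// Constructed audit document mirroring advisory 1556 from the report in this issue.
const audit = { advisories: { 1556: { module_name: "node-fetch", patched_versions: ">=2.6.1 <3.0.0-beta.1|| >= 3.0.0-beta.9",
  findings: [{ paths: ["react-images>glam>fbjs>isomorphic-fetch>node-fetch"] }] } } };

for (const r of reviewAudit(audit, manifests)) {
  const where = r.blockedAt ? ` (blocked at ${r.blockedAt.from} -> ${r.blockedAt.to}: ${r.blockedAt.kind})` : "";
  console.log(`${r.verdict.toUpperCase()} advisory ${r.id} ${r.module} patched in ${r.patched}: ${r.path}${where}`);
}
```

Swapping the constructed manifests for the real `node_modules/<name>/package.json` files of an installed tree turns this into the actual check; if the first hop turns out to be declared under `dependencies`, the advisory does reach consumers and the patched range should be satisfied.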
@jossmac
Owner

jossmac commented Feb 9, 2021

@davwheat

I'm thinking of creating my own version of this library, though.

If you end up doing this (I hope you do) try to render as little as possible for the consumer by employing hooks and render props. Once you take control of render the API becomes infinite.
