Giter VIP home page Giter VIP logo

Comments (5)

karan-gaur avatar karan-gaur commented on June 13, 2024 7

There have been no updates in the past 10 months... Is this package even active? If so, this issue needs to be handled. @RafalWilinski

from express-status-monitor.

RutsuKun avatar RutsuKun commented on June 13, 2024 2

Yes express-status-monitor needs update

from express-status-monitor.

benmneb avatar benmneb commented on June 13, 2024 1

7 vulnerabilities (1 moderate, 5 high, 1 critical)

# npm audit report

axios  <0.21.1
Severity: high
Server-Side Request Forgery - https://npmjs.com/advisories/1594
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/axios
  express-status-monitor  <=0.1.9 || >=1.2.5
  Depends on vulnerable versions of axios
  Depends on vulnerable versions of socket.io
  node_modules/express-status-monitor

socket.io  <=2.3.0 || 3.0.0-rc1 - 3.0.0-rc4
Severity: high
Insecure Default Configuration - https://npmjs.com/advisories/1609
Depends on vulnerable versions of socket.io-client
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/socket.io
  express-status-monitor  <=0.1.9 || >=1.2.5
  Depends on vulnerable versions of axios
  Depends on vulnerable versions of socket.io
  node_modules/express-status-monitor

ws  5.0.0 - 5.2.2 || 6.0.0 - 6.2.1 || 7.0.0 - 7.4.5
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1748
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/engine.io-client/node_modules/ws
  engine.io-client  0.7.0 || 0.7.8 - 0.7.9 || 1.6.0 - 1.8.5 || 2.0.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
  Depends on vulnerable versions of ws
  Depends on vulnerable versions of xmlhttprequest-ssl
  node_modules/engine.io-client
    socket.io-client  1.4.0 - 1.7.3 || 2.0.0 - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5
    Depends on vulnerable versions of engine.io-client
    node_modules/socket.io-client
      socket.io  <=2.3.0 || 3.0.0-rc1 - 3.0.0-rc4
      Depends on vulnerable versions of socket.io-client
      node_modules/socket.io
        express-status-monitor  <=0.1.9 || >=1.2.5
        Depends on vulnerable versions of axios
        Depends on vulnerable versions of socket.io
        node_modules/express-status-monitor

xmlhttprequest-ssl  <=1.6.1
Severity: critical
Arbitrary Code Injection - https://npmjs.com/advisories/1665
Improper Verification of Cryptographic Signature - https://npmjs.com/advisories/1746
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/xmlhttprequest-ssl
  engine.io-client  0.7.0 || 0.7.8 - 0.7.9 || 1.6.0 - 1.8.5 || 2.0.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
  Depends on vulnerable versions of ws
  Depends on vulnerable versions of xmlhttprequest-ssl
  node_modules/engine.io-client
    socket.io-client  1.4.0 - 1.7.3 || 2.0.0 - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5
    Depends on vulnerable versions of engine.io-client
    node_modules/socket.io-client
      socket.io  <=2.3.0 || 3.0.0-rc1 - 3.0.0-rc4
      Depends on vulnerable versions of socket.io-client
      node_modules/socket.io
        express-status-monitor  <=0.1.9 || >=1.2.5
        Depends on vulnerable versions of axios
        Depends on vulnerable versions of socket.io
        node_modules/express-status-monitor

7 vulnerabilities (1 moderate, 5 high, 1 critical)

To address all issues (including breaking changes), run:
  npm audit fix --force

from express-status-monitor.

kevinclarkadstech avatar kevinclarkadstech commented on June 13, 2024

I guess he abandoned it, sad.

from express-status-monitor.

lamweili avatar lamweili commented on June 13, 2024

Mostly closed in the 1.3.4 release (be7b8fc).

Nevertheless, there is 1 outstanding security vulnerability, GHSA-j4f2-536g-r55m.
[email protected] > [email protected] > [email protected]

This has been committed as 1a38ae5 (or PR #188), upgraded [email protected] to [email protected], but yet to have a release.

from express-status-monitor.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.