This repository was archived by the owner on Aug 7, 2021. It is now read-only.

Security issues #1150

@senner007

Issue

Hi :)

I have the below added security issues with nativescript-dev-webpack.

Environment

"dependencies": {
"nativescript-dev-webpack": "1.5.1"
}

npm audit security report

Run npm update terser-webpack-plugin --depth 3 to resolve 2 vulnerabilities

Moderate Cross-Site Scripting

Package serialize-javascript

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > webpack > terser-webpack-plugin >
serialize-javascript
More info https://npmjs.com/advisories/1426

High Remote Code Execution

Package serialize-javascript

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > webpack > terser-webpack-plugin >
serialize-javascript

More info https://npmjs.com/advisories/1548

                             Manual Review                                  
         Some vulnerabilities require your attention to resolve             
                                                                            
      Visit https://go.npm.me/audit-guide for additional guidance           

Moderate Out-of-bounds Read

Package atob

Patched in >=2.1.0

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > css > source-map-resolve > atob

More info https://npmjs.com/advisories/646

Moderate Cross-Site Scripting

Package serialize-javascript

Patched in >=2.1.1

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > copy-webpack-plugin >
serialize-javascript

More info https://npmjs.com/advisories/1426

Moderate Cross-Site Scripting

Package serialize-javascript

Patched in >=2.1.1

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > terser-webpack-plugin >
serialize-javascript

More info https://npmjs.com/advisories/1426

High Remote Code Execution

Package serialize-javascript

Patched in >=3.1.0

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > copy-webpack-plugin >
serialize-javascript

More info https://npmjs.com/advisories/1548

High Remote Code Execution

Package serialize-javascript

Patched in >=3.1.0

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > terser-webpack-plugin >
serialize-javascript

More info https://npmjs.com/advisories/1548

Low Prototype Pollution

Package yargs-parser

Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > webpack-cli > yargs >
yargs-parser

More info https://npmjs.com/advisories/1500

High Prototype Pollution

Package object-path

Patched in >=0.11.5

Dependency of nativescript-dev-webpack [dev]

Path nativescript-dev-webpack > resolve-url-loader >
adjust-sourcemap-loader > object-path

More info https://npmjs.com/advisories/1573
