GitbookIO / gitbook-cli

GitBook's command line interface

Security vulnerabilities found in gitbook-cli 2.3.2

jennyhliu opened this issue

Our application uses gitbook-cli 2.3.2, and the following security vulnerabilities are reported by npm audit. The npm version used is 6.4.1.

=== npm audit security report ===

│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > hawk > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > hawk > cryptiles > │
│ │ boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > hawk > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > hawk > sntp > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > request > hawk > │
│ │ boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > request > hawk > │
│ │ cryptiles > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > request > hawk > │
│ │ hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > request > hawk > │
│ │ sntp > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > hawk > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > hawk > cryptiles > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > hawk > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > hawk > sntp > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > hawk > boom │
│ │ > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > hawk > │
│ │ cryptiles > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > hawk > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > hawk > sntp │
│ │ > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ hawk > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ hawk > cryptiles > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ hawk > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ hawk > sntp > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > hawk > boom > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > hawk > cryptiles > boom │
│ │ > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > hawk > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ Prototype pollution │
│ Package │ hoek │
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > hawk > sntp > hoek │
│ More info │ https://nodesecurity.io/advisories/566
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > fs-vacuum > rimraf > glob > │
│ │ minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > fstream > rimraf > glob > │
│ │ minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > fstream-npm > fstream-ignore > │
│ │ fstream > rimraf > glob > minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > fstream-npm > fstream-ignore > │
│ │ minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > glob > minimatch > │
│ │ brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > init-package-json > glob > │
│ │ minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > init-package-json > │
│ │ read-package-json > glob > minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > fstream > rimraf > │
│ │ glob > minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > glob > minimatch > │
│ │ brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > minimatch > │
│ │ brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > rimraf > glob > │
│ │ minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > tar > fstream > rimraf │
│ │ > glob > minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > read-installed > │
│ │ read-package-json > glob > minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > read-package-json > glob > │
│ │ minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > rimraf > glob > minimatch > │
│ │ brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ Moderate │ ReDoS │
│ Package │ brace-expansion │
│ Patched in │ >=1.1.7 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > tar > fstream > rimraf > glob > │
│ │ minimatch > brace-expansion │
│ More info │ https://nodesecurity.io/advisories/338
│ High │ Regular Expression Denial of Service │
│ Package │ sshpk │
│ Patched in │ >=1.14.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > http-signature > │
│ │ sshpk │
│ More info │ https://nodesecurity.io/advisories/606
│ High │ Regular Expression Denial of Service │
│ Package │ sshpk │
│ Patched in │ >=1.14.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > request > │
│ │ http-signature > sshpk │
│ More info │ https://nodesecurity.io/advisories/606
│ High │ Regular Expression Denial of Service │
│ Package │ sshpk │
│ Patched in │ >=1.14.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > http-signature > sshpk │
│ More info │ https://nodesecurity.io/advisories/606
│ High │ Regular Expression Denial of Service │
│ Package │ sshpk │
│ Patched in │ >=1.14.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > │
│ │ http-signature > sshpk │
│ More info │ https://nodesecurity.io/advisories/606
│ High │ Regular Expression Denial of Service │
│ Package │ sshpk │
│ Patched in │ >=1.14.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ http-signature > sshpk │
│ More info │ https://nodesecurity.io/advisories/606
│ High │ Regular Expression Denial of Service │
│ Package │ sshpk │
│ Patched in │ >=1.14.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > http-signature > sshpk │
│ More info │ https://nodesecurity.io/advisories/606
│ High │ Regular Expression Denial of Service │
│ Package │ tough-cookie │
│ Patched in │ >=2.3.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > tough-cookie │
│ More info │ https://nodesecurity.io/advisories/525
│ High │ Regular Expression Denial of Service │
│ Package │ tough-cookie │
│ Patched in │ >=2.3.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > request > │
│ │ tough-cookie │
│ More info │ https://nodesecurity.io/advisories/525
│ High │ Regular Expression Denial of Service │
│ Package │ tough-cookie │
│ Patched in │ >=2.3.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > tough-cookie │
│ More info │ https://nodesecurity.io/advisories/525
│ High │ Regular Expression Denial of Service │
│ Package │ tough-cookie │
│ Patched in │ >=2.3.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > tough-cookie │
│ More info │ https://nodesecurity.io/advisories/525
│ High │ Regular Expression Denial of Service │
│ Package │ tough-cookie │
│ Patched in │ >=2.3.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ tough-cookie │
│ More info │ https://nodesecurity.io/advisories/525
│ High │ Regular Expression Denial of Service │
│ Package │ tough-cookie │
│ Patched in │ >=2.3.3 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > tough-cookie │
│ More info │ https://nodesecurity.io/advisories/525
│ Moderate │ Regular Expression Denial of Service │
│ Package │ ssri │
│ Patched in │ >=5.2.2 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > cacache > ssri │
│ More info │ https://nodesecurity.io/advisories/565
│ Moderate │ Regular Expression Denial of Service │
│ Package │ ssri │
│ Patched in │ >=5.2.2 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > ssri │
│ More info │ https://nodesecurity.io/advisories/565
│ Moderate │ Regular Expression Denial of Service │
│ Package │ ssri │
│ Patched in │ >=5.2.2 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > cacache > ssri │
│ More info │ https://nodesecurity.io/advisories/565
│ Moderate │ Regular Expression Denial of Service │
│ Package │ ssri │
│ Patched in │ >=5.2.2 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > make-fetch-happen > cacache > │
│ │ ssri │
│ More info │ https://nodesecurity.io/advisories/565
│ Moderate │ Regular Expression Denial of Service │
│ Package │ ssri │
│ Patched in │ >=5.2.2 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > make-fetch-happen > ssri │
│ More info │ https://nodesecurity.io/advisories/565
│ Moderate │ Regular Expression Denial of Service │
│ Package │ ssri │
│ Patched in │ >=5.2.2 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > ssri │
│ More info │ https://nodesecurity.io/advisories/565
│ Moderate │ Regular Expression Denial of Service │
│ Package │ ssri │
│ Patched in │ >=5.2.2 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > ssri │
│ More info │ https://nodesecurity.io/advisories/565
│ Moderate │ Out-of-bounds Read │
│ Package │ stringstream │
│ Patched in │ >=0.0.6 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > node-gyp > request > stringstream │
│ More info │ https://nodesecurity.io/advisories/664
│ Moderate │ Out-of-bounds Read │
│ Package │ stringstream │
│ Patched in │ >=0.0.6 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > npm-registry-client > request > │
│ │ stringstream │
│ More info │ https://nodesecurity.io/advisories/664
│ Moderate │ Out-of-bounds Read │
│ Package │ stringstream │
│ Patched in │ >=0.0.6 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > request > stringstream │
│ More info │ https://nodesecurity.io/advisories/664
│ Moderate │ Out-of-bounds Read │
│ Package │ stringstream │
│ Patched in │ >=0.0.6 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > stringstream │
│ More info │ https://nodesecurity.io/advisories/664
│ Moderate │ Out-of-bounds Read │
│ Package │ stringstream │
│ Patched in │ >=0.0.6 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ stringstream │
│ More info │ https://nodesecurity.io/advisories/664
│ Moderate │ Out-of-bounds Read │
│ Package │ stringstream │
│ Patched in │ >=0.0.6 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > stringstream │
│ More info │ https://nodesecurity.io/advisories/664
│ Moderate │ Memory Exposure │
│ Package │ tunnel-agent │
│ Patched in │ >=0.6.0 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > node-gyp > request > tunnel-agent │
│ More info │ https://nodesecurity.io/advisories/598
│ Moderate │ Memory Exposure │
│ Package │ tunnel-agent │
│ Patched in │ >=0.6.0 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > npm-registry-client > request > │
│ │ tunnel-agent │
│ More info │ https://nodesecurity.io/advisories/598
│ Moderate │ Memory Exposure │
│ Package │ tunnel-agent │
│ Patched in │ >=0.6.0 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npmi > npm > request > tunnel-agent │
│ More info │ https://nodesecurity.io/advisories/598
│ High │ Denial of Service │
│ Package │ https-proxy-agent │
│ Patched in │ >=2.2.0 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > make-fetch-happen > │
│ │ https-proxy-agent │
│ More info │ https://nodesecurity.io/advisories/593
│ High │ Denial of Service │
│ Package │ http-proxy-agent │
│ Patched in │ >=2.1.0 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > make-fetch-happen > │
│ │ http-proxy-agent │
│ More info │ https://nodesecurity.io/advisories/607
│ Low │ Regular Expression Denial of Service │
│ Package │ debug │
│ Patched in │ >= 2.6.9 < 3.0.0 || >= 3.1.0 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > make-fetch-happen > │
│ │ http-proxy-agent > debug │
│ More info │ https://nodesecurity.io/advisories/534
│ Low │ Regular Expression Denial of Service │
│ Package │ debug │
│ Patched in │ >= 2.6.9 < 3.0.0 || >= 3.1.0 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > pacote > make-fetch-happen > │
│ │ https-proxy-agent > debug │
│ More info │ https://nodesecurity.io/advisories/534
│ Low │ Prototype Pollution │
│ Package │ deep-extend │
│ Patched in │ >=0.5.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > update-notifier > latest-version > │
│ │ package-json > registry-auth-token > rc > deep-extend │
│ More info │ https://nodesecurity.io/advisories/612
│ Low │ Prototype Pollution │
│ Package │ deep-extend │
│ Patched in │ >=0.5.1 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > npm > update-notifier > latest-version > │
│ │ package-json > registry-url > rc > deep-extend │
│ More info │ https://nodesecurity.io/advisories/612
│ Low │ Prototype Pollution │
│ Package │ lodash │
│ Patched in │ >=4.17.5 │
│ Dependency of │ gitbook-cli [dev] │
│ Path │ gitbook-cli > lodash │
│ More info │ https://nodesecurity.io/advisories/577
found 76 vulnerabilities (5 low, 57 moderate, 14 high) in 9050 scanned packages
76 vulnerabilities require manual review. See the full report for details.

I can confirm these security vulnerabilities with any npm version that performs the npm audit task with the latest version of gitbook-cli, 2.3.2.

I recorded an asciicast of:

  • git clone ...
  • npm install (which performs an audit)

asciicast

The thumbnail currently appears broken; here's the direct link:
https://asciinema.org/a/203750

There are some PRs (#83, #86, #88) that might help, but gitbook-cli seems to have been abandoned since 2017... @AaronO could you please confirm whether this project is still under active development and accepting contributions?

@AaronO Is there any update on this? Has gitbook-cli been abandoned?

Is this project abandoned, @AaronO?