When installing npm, found 12 high severity vulnerabilities
NikitaPooja opened this issue
In Angular 8, when I installed the npm, I found 12 high severity vulnerabilities.
Angular CLI: 8.0.3
Node: 12.4.0
OS: linux x64
Angular: 8.0.1
... animations, cdk, common, compiler, compiler-cli, core, forms
... language-service, material, platform-browser
... platform-browser-dynamic, platform-server, router
Package Version
@angular-devkit/architect 0.800.3
@angular-devkit/build-angular 0.800.3
@angular-devkit/build-optimizer 0.800.3
@angular-devkit/build-webpack 0.800.3
@angular-devkit/core 8.0.3
@angular-devkit/schematics 8.0.3
@angular/cli 8.0.3
@angular/fire 5.2.1
@angular/flex-layout 8.0.0-beta.26
@angular/http 7.2.15
@ngtools/webpack 8.0.3
@schematics/angular 8.0.3
@schematics/update 0.800.3
rxjs 6.5.2
typescript 3.4.5
webpack 4.30.0
When I run the command npm audit, it shows:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Arbitrary File Overwrite
Package fstream
Patched in >=1.0.12
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > fstream
More info https://npmjs.com/advisories/886
High Arbitrary File Overwrite
Package fstream
Patched in >=1.0.12
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > tar > fstream
More info https://npmjs.com/advisories/886
High Arbitrary File Overwrite
Package fstream
Patched in >=1.0.12
Dependency of npm
Path npm > libnpm > npm-lifecycle > node-gyp > fstream
More info https://npmjs.com/advisories/886
High Arbitrary File Overwrite
Package fstream
Patched in >=1.0.12
Dependency of npm
Path npm > libnpm > npm-lifecycle > node-gyp > tar > fstream
More info https://npmjs.com/advisories/886
High Arbitrary File Overwrite
Package fstream
Patched in >=1.0.12
Dependency of npm
Path npm > node-gyp > fstream
More info https://npmjs.com/advisories/886
High Arbitrary File Overwrite
Package fstream
Patched in >=1.0.12
Dependency of npm
Path npm > node-gyp > tar > fstream
More info https://npmjs.com/advisories/886
High Arbitrary File Overwrite
Package fstream
Patched in >=1.0.12
Dependency of npm
Path npm > npm-lifecycle > node-gyp > fstream
More info https://npmjs.com/advisories/886
High Arbitrary File Overwrite
Package fstream
Patched in >=1.0.12
Dependency of npm
Path npm > npm-lifecycle > node-gyp > tar > fstream
More info https://npmjs.com/advisories/886
High Arbitrary File Overwrite
Package tar
Patched in >=2.2.2 <3.0.0 || >=4.4.2
Dependency of npm
Path npm > libcipm > npm-lifecycle > node-gyp > tar
More info https://npmjs.com/advisories/803
High Arbitrary File Overwrite
Package tar
Patched in >=2.2.2 <3.0.0 || >=4.4.2
Dependency of npm
Path npm > libnpm > npm-lifecycle > node-gyp > tar
More info https://npmjs.com/advisories/803
High Arbitrary File Overwrite
Package tar
Patched in >=2.2.2 <3.0.0 || >=4.4.2
Dependency of npm
Path npm > node-gyp > tar
More info https://npmjs.com/advisories/803
High Arbitrary File Overwrite
Package tar
Patched in >=2.2.2 <3.0.0 || >=4.4.2
Dependency of npm
Path npm > npm-lifecycle > node-gyp > tar
More info https://npmjs.com/advisories/803
found 12 high severity vulnerabilities in 31844 scanned packages
12 vulnerabilities require manual review. See the full report for details.
I want to find 0 severity vulnerabilities.
Fixed in version 4.1.0. Please reopen if this is still a problem.