Liberty Liberty Liberty issue
sorvis opened this issue
Hello,
It appears that this package was vulnerable to the liberty liberty liberty patch.
Article here about it:
https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
Not sure if we need a PR in this repository to resolve the issue to pin a package dependency version?
@sorvis Thanks for your issue!
I've pinned color.js to exact 1.4.0 and just released a new version 2.1.2. Would you please confirm this patch?
But it seems the problematic version has been removed from the npm registry.
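
An added illustration of why the exact pin discussed in this thread matters (not code from this repository or from either commenter): it checks which dependency specifiers in a manifest would accept a release newer than the pinned one. The npm package name `colors`, the sample manifests and the candidate version `1.4.1` are assumptions constructed for the example, and the range matcher covers only exact, caret, tilde and `*`/`latest` specifiers.

```javascript
// Added example: minimal range check, not a full semver implementation.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Would the specifier `spec` allow npm to resolve to `candidate`?
function admits(spec, candidate) {
  if (spec === "*" || spec === "latest") return true;
  const c = parse(candidate);
  const op = /^[\^~]/.test(spec) ? spec[0] : "";
  const base = parse(spec.slice(op.length));
  if (op === "") return cmp(c, base) === 0;        // exact pin
  if (cmp(c, base) < 0) return false;              // never below the base
  if (op === "~") return c[0] === base[0] && c[1] === base[1];
  // caret: the leftmost non-zero component must not change
  if (base[0] > 0) return c[0] === base[0];
  if (base[1] > 0) return c[0] === 0 && c[1] === base[1];
  return c[0] === 0 && c[1] === 0 && c[2] === base[2];
}

// Report watched dependencies whose specifier would accept a newer release.
function auditPins(pkg, watched) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const w = watched[name];
      if (w && admits(spec, w.newer)) findings.push({ section, name, spec });
    }
  }
  return findings;
}

// Constructed sample manifests (not this repository's package.json).
const before = { dependencies: { colors: "^1.4.0" } };
const after = { dependencies: { colors: "1.4.0" } };
// "1.4.1" stands in for any release published after the pinned 1.4.0.
const watched = { colors: { newer: "1.4.1" } };

console.log("caret range:", auditPins(before, watched));
console.log("exact pin:  ", auditPins(after, watched));
```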