Giters

seydx / camera.ui

NVR like user Interface for RTSP capable cameras

Home Page:https://github.com/seydx/camera.ui

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

installation in window 11

ifastech opened this issue · comments

commented

npm audit report

ftp-srv >=0.0.0
Severity: high
Server-Side Request Forgery in ftp-srv - GHSA-r4m5-47cq-6qg8
No fix available
node_modules/ftp-srv

jsonwebtoken <=8.5.1
Severity: moderate
jsonwebtoken unrestricted key type could lead to legacy keys usage - GHSA-8cf7-32gw-wr33
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - GHSA-hjrf-2m68-5959
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() - GHSA-qwph-4952-7xr6
No fix available
node_modules/socketio-jwt/node_modules/jsonwebtoken
socketio-jwt *
Depends on vulnerable versions of jsonwebtoken
node_modules/socketio-jwt

postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - GHSA-7fh5-64p2-3v2j
fix available via npm audit fix --force
Will install @vue/cli-service@3.3.1, which is a breaking change
node_modules/@vue/component-compiler-utils/node_modules/postcss
@vue/component-compiler-utils *
Depends on vulnerable versions of postcss
node_modules/@vue/component-compiler-utils
@vue/cli-service *
Depends on vulnerable versions of @vue/component-compiler-utils
Depends on vulnerable versions of vue-loader
node_modules/@vue/cli-service
vue-loader 15.0.0-beta.1 - 15.11.1
Depends on vulnerable versions of @vue/component-compiler-utils
node_modules/@vue/vue-loader-v15

request *
Severity: moderate
Server-Side Request Forgery in Request - GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via npm audit fix --force
Will install node-telegram-bot-api@0.63.0, which is a breaking change
node_modules/request
request-promise-core *
Depends on vulnerable versions of request
node_modules/request-promise-core
@cypress/request-promise *
Depends on vulnerable versions of request-promise-core
node_modules/@cypress/request-promise
node-telegram-bot-api >=0.64.0
Depends on vulnerable versions of @cypress/request-promise
node_modules/node-telegram-bot-api

tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - GHSA-72xf-g2v4-qvf3
fix available via npm audit fix --force
Will install node-telegram-bot-api@0.63.0, which is a breaking change
node_modules/request/node_modules/tough-cookie

12 vulnerabilities (11 moderate, 1 high)

To address all issues possible (including breaking changes), run:
npm audit fix --force

Some issues need review, and may require choosing
a different dependency.