
Has high severity vulnerabilities

Open NagayamaToshiaki opened this issue 11 months ago • 3 comments

I installed CodeceptJS at latest, then Node.js showed it has vulnerabilities. I audited and the result is:

# npm audit report

cross-spawn  <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/child-process-promise/node_modules/cross-spawn
  child-process-promise  >=2.2.0
  Depends on vulnerable versions of cross-spawn
  node_modules/child-process-promise
    detox  >=4.1.1
    Depends on vulnerable versions of child-process-promise
    node_modules/detox
      @codeceptjs/detox-helper  *
      Depends on vulnerable versions of detox
      node_modules/@codeceptjs/detox-helper
        codeceptjs  2.2.1 || 3.5.1-2.beta.7 || >=3.5.10
        Depends on vulnerable versions of @codeceptjs/detox-helper
        node_modules/codeceptjs

NagayamaToshiaki, Feb 25 '25 06:02

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot], May 27 '25 02:05

Just try with current version

# npm audit report

taffydb  *
Severity: high
TaffyDB can allow access to any data items in the DB - https://github.com/advisories/GHSA-mxhp-79qh-mcx6
No fix available
node_modules/taffydb
  jsdoc  3.2.0-dev - 3.6.11
  Depends on vulnerable versions of taffydb
  node_modules/jsdoc
    tsd-jsdoc  *
    Depends on vulnerable versions of jsdoc
    node_modules/tsd-jsdoc

vue-template-compiler  >=2.0.0
Severity: moderate
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-g3ch-rx76-35fx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/vue-template-compiler
  documentation  >=6.3.0
  Depends on vulnerable versions of vue-template-compiler
  node_modules/documentation

5 vulnerabilities (2 moderate, 3 high)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

kobenguyent, Jun 26 '25 12:06

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot], Sep 26 '25 02:09