Adam Baldwin
Adam Baldwin
In general I'm very excited about the potential of the `npm audit resolve` feature. I think some work needs to be done to really make it a good interactive experience...
it hasn't been tested in a long time, I'll take a look when I can get a chance. Any other feedback other than not working? A stack trace or any...
No worries. Just don't use it frequently. :). I'll check out your comments tomorrow and see if I can fix. > On Jan 25, 2017, at 4:27 PM, Rocco Musolino...
@roccomuso ok to answer some questions. 1. node_bindshell.js and node_revshell.js are just examples. they are not actually used. They are not meant to be used together. 2. I'm basically a...
I'm happy to accept PR's for it. I just never thought of that before ha. I mean they should work together just never bothered to try that. On Wed, Feb...
Added -f support for the curl command so that server errors are silently ignored. Still need to find equiv for wget (or drop wget support lol)
What are you trying to test with this change?
As this issue is public, we've issued an advisory here https://nodesecurity.io/advisories/537 as well as requested help from the public to submit a PR / help patch this issue.
There are many instances in which Object Injection could be relevant. The pattern is RARE and shows up in random locations @jlamendo can probably talk more about that. Jon wrote...
@davisjam You've updated safe-regex since submitting this and I plan to bring in that change. For something that hits an external source I'd like it to be configurable or a...