GHSA-93q8-gq69-wqmw
By advisories
berry
📦🐈 Active development trunk for Yarn ⚒ (by yarnpkg)
GHSA-93q8-gq69-wqmw | berry | |
---|---|---|
4 | 188 | |
- | 7,147 | |
- | 1.2% | |
- | 9.2 | |
- | 4 days ago | |
TypeScript | ||
- | BSD 2-clause "Simplified" License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
GHSA-93q8-gq69-wqmw
Posts with mentions or reviews of GHSA-93q8-gq69-wqmw.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-12-12.
-
The missing `yarn audit --fix` for Yarn 2+ Berry
```json
{
  "actions": [],
  "advisories": {
    "1004946": {
      "findings": [
        {
          "version": "4.1.0",
          "paths": [
            "ts-patch>strip-ansi>ansi-regex",
            "lerna>npmlog>gauge>ansi-regex",
            "lerna>@lerna/bootstrap>npmlog>gauge>ansi-regex",
            ...
          ]
        }
      ],
      "metadata": null,
      "vulnerable_versions": ">2.1.1 <5.0.1",
      "module_name": "ansi-regex",
      "severity": "moderate",
      "github_advisory_id": "GHSA-93q8-gq69-wqmw",
      "cves": [ "CVE-2021-3807" ],
      "access": "public",
      "patched_versions": ">=5.0.1",
      "updated": "2021-09-23T15:45:50.000Z",
      "recommendation": "Upgrade to version 5.0.1 or later",
      "cwe": "CWE-918",
      "found_by": null,
      "deleted": null,
      "id": 1004946,
      "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw",
      "created": "2021-11-18T16:00:48.472Z",
      "reported_by": null,
      "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
      "npm_advisory_id": null,
      "overview": "ansi-regex is vulnerable to Inefficient Regular Expression Complexity",
      "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw"
    },
```
-
First time playing with gatsby, error running npm develop
```
# npm audit report

ansi-html *
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ansi-html
@pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of webpack-dev-server
node_modules/@pmmmwh/react-refresh-webpack-plugin
gatsby >=1.9.99
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of @typescript-eslint/parser
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of gatsby-cli
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/gatsby

ansi-regex >2.1.1 <5.0.1
Severity: moderate
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/react-dev-utils/node_modules/inquirer/node_modules/ansi-regex
node_modules/string-width/node_modules/ansi-regex
node_modules/strip-ansi/node_modules/ansi-regex
node_modules/webpack-dev-server/node_modules/cliui/node_modules/ansi-regex
node_modules/webpack-dev-server/node_modules/string-width/node_modules/ansi-regex
node_modules/webpack-dev-server/node_modules/wrap-ansi/node_modules/ansi-regex
strip-ansi 4.0.0 - 5.2.0
Depends on vulnerable versions of ansi-regex
node_modules/react-dev-utils/node_modules/inquirer/node_modules/strip-ansi
node_modules/string-width/node_modules/strip-ansi
node_modules/strip-ansi
node_modules/webpack-dev-server/node_modules/cliui/node_modules/strip-ansi
node_modules/webpack-dev-server/node_modules/string-width/node_modules/strip-ansi
node_modules/webpack-dev-server/node_modules/wrap-ansi/node_modules/strip-ansi
cliui 4.0.0 - 5.0.0
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of wrap-ansi
node_modules/webpack-dev-server/node_modules/cliui
yargs 10.1.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of string-width
node_modules/webpack-dev-server/node_modules/yargs
webpack-dev-server 2.0.0-beta - 3.11.3
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of webpack-dev-server
node_modules/@pmmmwh/react-refresh-webpack-plugin
gatsby >=1.9.99
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of @typescript-eslint/parser
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of gatsby-cli
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/gatsby
eslint 4.5.0 - 7.15.0
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of table
node_modules/eslint
@typescript-eslint/eslint-plugin <=3.0.0-alpha.27
Depends on vulnerable versions of @typescript-eslint/parser
Depends on vulnerable versions of eslint
node_modules/@typescript-eslint/eslint-plugin
eslint-config-react-app 3.0.0-next.03604a46 - 5.2.1
Depends on vulnerable versions of @typescript-eslint/eslint-plugin
Depends on vulnerable versions of @typescript-eslint/parser
Depends on vulnerable versions of eslint
node_modules/eslint-config-react-app
@typescript-eslint/parser 1.1.1-alpha.0 - 2.34.1-alpha.2
Depends on vulnerable versions of eslint
node_modules/@typescript-eslint/parser
gatsby-cli 2.5.9-ink.60 - 2.5.9-ink.61 || >=2.6.0-0
Depends on vulnerable versions of gatsby-recipes
Depends on vulnerable versions of strip-ansi
node_modules/gatsby-cli
inquirer 3.2.0 - 7.0.4
Depends on vulnerable versions of string-width
Depends on vulnerable versions of strip-ansi
node_modules/react-dev-utils/node_modules/inquirer
react-dev-utils 0.4.0 - 11.0.3
Depends on vulnerable versions of inquirer
node_modules/react-dev-utils
string-width 2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/string-width
node_modules/table/node_modules/string-width
node_modules/webpack-dev-server/node_modules/string-width
table 4.0.2 - 5.4.6
Depends on vulnerable versions of string-width
node_modules/table
wrap-ansi 3.0.0 - 6.1.0
Depends on vulnerable versions of string-width
Depends on vulnerable versions of strip-ansi
node_modules/webpack-dev-server/node_modules/wrap-ansi
yurnalist >=1.0.5
Depends on vulnerable versions of strip-ansi
node_modules/yurnalist

glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/watchpack-chokidar2/node_modules/glob-parent
node_modules/webpack-dev-server/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/watchpack-chokidar2/node_modules/chokidar
node_modules/webpack-dev-server/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.44.0 - 4.46.0
Depends on vulnerable versions of watchpack
node_modules/webpack
gatsby >=1.9.99
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of @typescript-eslint/parser
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of gatsby-cli
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/gatsby
webpack-dev-server 2.0.0-beta - 3.11.3
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of webpack-dev-server
node_modules/@pmmmwh/react-refresh-webpack-plugin

nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
postcss-svgo 4.0.0-nightly.2020.1.9 - 5.0.0-rc.2
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of postcss-svgo
node_modules/cssnano-preset-default
cssnano 4.0.0-nightly.2020.1.9 - 4.1.11
Depends on vulnerable versions of cssnano-preset-default
node_modules/cssnano
optimize-css-assets-webpack-plugin 3.2.1 || 5.0.0 - 5.0.8
Depends on vulnerable versions of cssnano
node_modules/optimize-css-assets-webpack-plugin
gatsby >=1.9.99
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of @typescript-eslint/parser
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of gatsby-cli
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/gatsby

react-dev-utils 0.4.0 - 11.0.3
Severity: moderate
Improper Neutralization of Special Elements used in an OS Command. - https://github.com/advisories/GHSA-5q6m-3h65-w53x
Depends on vulnerable versions of inquirer
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/react-dev-utils
gatsby >=1.9.99
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of @typescript-eslint/parser
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of gatsby-cli
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/gatsby

trim <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/trim
remark-parse <=8.0.3
Depends on vulnerable versions of trim
node_modules/remark-parse
gatsby-recipes 0.0.7-unifiedroutes.76 - 0.0.7-unifiedroutes-v2.135 || >=0.1.31
Depends on vulnerable versions of remark-parse
node_modules/gatsby-recipes
gatsby-cli 2.5.9-ink.60 - 2.5.9-ink.61 || >=2.6.0-0
Depends on vulnerable versions of gatsby-recipes
Depends on vulnerable versions of strip-ansi
node_modules/gatsby-cli
gatsby >=1.9.99
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of @typescript-eslint/parser
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of eslint
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of gatsby-cli
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/gatsby

ws 7.0.0 - 7.4.5
Severity: moderate
ReDoS in Sec-Websocket-Protocol header - https://github.com/advisories/GHSA-6fc8-4gx4-v693
fix available via `npm audit fix`
node_modules/@graphql-tools/url-loader/node_modules/ws
@graphql-tools/url-loader 6.4.1-alpha-0ea0f8b7.0 - 6.10.1
Depends on vulnerable versions of ws
node_modules/@graphql-tools/url-loader

36 vulnerabilities (23 moderate, 13 high)

To address issues that do not require attention, run:
npm audit fix

To address all issues (including breaking changes), run:
npm audit fix --force
```
-
Need Help Fixing Vulnerabilities! Please Help!
More info https://github.com/advisories/GHSA-93q8-gq69-wqmw
-
Vulnerabilities on node modules when creating a nuxt app
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
berry
Posts with mentions or reviews of berry.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-05-08.
-
How to set up a new project using Yarn
```
# .gitignore
.yarn/*
!.yarn/patches
!.yarn/plugins
!.yarn/releases
!.yarn/sdks
!.yarn/versions

# Swap the comments on the following lines if you don't wish to use zero-installs
# Documentation here: https://yarnpkg.com/features/zero-installs
# !.yarn/cache
.pnp.*
node_modules
```
-
How to resize images for Open Graph and Twitter using sharp
If you need help with setting up the project, I recommend that you follow this guide from Yarn documentation.
-
Node package managers (npm, yarn, pnpm) - All you need to know
Yarn
-
Create a Chat App With Node.js
Install Yarn or NPM to add the required packages and modules.
-
Assign a smart contract to an existing SFS NFT with Thirdweb deployment
Latest version of Node and Yarn
-
How to Register a Smart Contract to Mode SFS with Thirdweb
Have Node and Yarn installed with a recent version.
-
Understanding Dependencies in Programming
Node.js manages dependencies using package managers like npm (Node Package Manager), yarn, and pnpm. npm comes pre-installed with Node.js and allows you to install and uninstall Node.js packages. It uses a package.json file to keep track of which packages your project depends on. Yarn and pnpm are alternative package managers that aim to improve on npm in various ways, such as improved performance and a better lock file format.
-
Run a Linux Distro in your Android device
Depending on the stack of the repository you are cloning, you might have to install additional dependencies. For this demo, I'm using my own website, which is a static website built with Astro.js. It requires Node.js to be installed, with Yarn as the package manager.
-
Unit Testing in Node.js and TypeScript: A Comprehensive Guide with Jest Integration
A package manager such as npm, Yarn, or pnpm. A package manager is a tool that helps you manage the dependencies of your project. You can use any of these package managers to install Jest and other packages.
-
Guide to ChatGPT API Implementation for Developers
To start off, you'll need Node.js installed on your local system. This ChatGPT API guide will use Yarn to install dependencies in the project, but you're free to use npm or any other package management tool if you wish. Finally, you'll need an OpenAI account for ChatGPT API access.
What are some alternatives?
When comparing GHSA-93q8-gq69-wqmw and berry you can also consider the following projects:
GHSA-ww39-953v-wcq6
yarn - The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
GHSA-rp65-9cf3-cjxr
pnpm - Fast, disk space efficient package manager
yarn-audit-fix - The missing `yarn audit fix`
docker-node - Official Docker Image for Node.js :whale: :turtle: :rocket:
GHSA-4jqc-8m5r-9rpr
nx - Smart Monorepos · Fast CI
GHSA-6fc8-4gx4-v693
snarkdown - :smirk_cat: A snarky 1kb Markdown parser written in JavaScript
ansi-regex - Regular expression for matching ANSI escape codes
lerna - :dragon: Lerna is a fast, modern build system for managing and publishing multiple JavaScript/TypeScript packages from the same repository.