nodejs-lockfile-parser
Generate a Snyk dependency tree from package-lock.json or yarn.lock file (by snyk)
GHSA-93q8-gq69-wqmw
By advisories
SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
surveyjs.io
featured
| nodejs-lockfile-parser | GHSA-93q8-gq69-wqmw | |
|---|---|---|
| 1 | 4 | |
| 54 | - | |
| - | - | |
| 5.9 | - | |
| 18 days ago | - | |
| TypeScript | ||
| GNU General Public License v3.0 or later | - |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nodejs-lockfile-parser
Posts with mentions or reviews of nodejs-lockfile-parser.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-12-12.
-
The missing `yarn audit --fix` for Yarn 2+ Berry
First of all, we need a lib to read/write yarnlock v2 files. @yarnpkg/lockfile seems the best choice, but it works with v1 only. Maybe nodejs-lockfile-parser? Missed the mark again. It swaps checksums and does not provide dump/format API what is expected for the parser :). It turns out that we are missing yet another one lockfile processor. No problem. If we look closely, the new shiny yarn.lock v2 is a regular yaml with a little strange formatting like extra empty line delimiters, extra quotes, and so on.
GHSA-93q8-gq69-wqmw
Posts with mentions or reviews of GHSA-93q8-gq69-wqmw.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-12-12.
-
The missing `yarn audit --fix` for Yarn 2+ Berry
{ "actions": [], "advisories": { "1004946": { "findings": [ { "version": "4.1.0", "paths": [ "ts-patch>strip-ansi>ansi-regex", "lerna>npmlog>gauge>ansi-regex", "lerna>@lerna/bootstrap>npmlog>gauge>ansi-regex", ... ] } ], "metadata": null, "vulnerable_versions": ">2.1.1 <5.0.1", "module_name": "ansi-regex", "severity": "moderate", "github_advisory_id": "GHSA-93q8-gq69-wqmw", "cves": [ "CVE-2021-3807" ], "access": "public", "patched_versions": ">=5.0.1", "updated": "2021-09-23T15:45:50.000Z", "recommendation": "Upgrade to version 5.0.1 or later", "cwe": "CWE-918", "found_by": null, "deleted": null, "id": 1004946, "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw", "created": "2021-11-18T16:00:48.472Z", "reported_by": null, "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex", "npm_advisory_id": null, "overview": "ansi-regex is vulnerable to Inefficient Regular Expression Complexity", "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw" },
-
First time playing with gatsby, error running npm develop
# npm audit report ansi-html * Severity: high Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9 fix available via `npm audit fix --force` Will install [email protected], which is a breaking change node_modules/ansi-html @pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6 Depends on vulnerable versions of ansi-html Depends on vulnerable versions of webpack-dev-server node_modules/@pmmmwh/react-refresh-webpack-plugin gatsby >=1.9.99 Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of ansi-html Depends on vulnerable versions of eslint Depends on vulnerable versions of eslint-config-react-app Depends on vulnerable versions of gatsby-cli Depends on vulnerable versions of optimize-css-assets-webpack-plugin Depends on vulnerable versions of react-dev-utils Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-server node_modules/gatsby ansi-regex >2.1.1 <5.0.1 Severity: moderate Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw fix available via `npm audit fix --force` Will install [email protected], which is a breaking change node_modules/react-dev-utils/node_modules/inquirer/node_modules/ansi-regex node_modules/string-width/node_modules/ansi-regex node_modules/strip-ansi/node_modules/ansi-regex node_modules/webpack-dev-server/node_modules/cliui/node_modules/ansi-regex node_modules/webpack-dev-server/node_modules/string-width/node_modules/ansi-regex node_modules/webpack-dev-server/node_modules/wrap-ansi/node_modules/ansi-regex strip-ansi 4.0.0 - 5.2.0 Depends on vulnerable versions of ansi-regex node_modules/react-dev-utils/node_modules/inquirer/node_modules/strip-ansi node_modules/string-width/node_modules/strip-ansi node_modules/strip-ansi node_modules/webpack-dev-server/node_modules/cliui/node_modules/strip-ansi node_modules/webpack-dev-server/node_modules/string-width/node_modules/strip-ansi node_modules/webpack-dev-server/node_modules/wrap-ansi/node_modules/strip-ansi cliui 4.0.0 - 5.0.0 Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of wrap-ansi node_modules/webpack-dev-server/node_modules/cliui yargs 10.1.0 - 15.0.0 Depends on vulnerable versions of cliui Depends on vulnerable versions of string-width node_modules/webpack-dev-server/node_modules/yargs webpack-dev-server 2.0.0-beta - 3.11.3 Depends on vulnerable versions of chokidar Depends on vulnerable versions of yargs node_modules/webpack-dev-server @pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6 Depends on vulnerable versions of ansi-html Depends on vulnerable versions of webpack-dev-server node_modules/@pmmmwh/react-refresh-webpack-plugin gatsby >=1.9.99 Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of ansi-html Depends on vulnerable versions of eslint Depends on vulnerable versions of eslint-config-react-app Depends on vulnerable versions of gatsby-cli Depends on vulnerable versions of optimize-css-assets-webpack-plugin Depends on vulnerable versions of react-dev-utils Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-server node_modules/gatsby eslint 4.5.0 - 7.15.0 Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of table node_modules/eslint @typescript-eslint/eslint-plugin <=3.0.0-alpha.27 Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of eslint node_modules/@typescript-eslint/eslint-plugin eslint-config-react-app 3.0.0-next.03604a46 - 5.2.1 Depends on vulnerable versions of @typescript-eslint/eslint-plugin Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of eslint node_modules/eslint-config-react-app @typescript-eslint/parser 1.1.1-alpha.0 - 2.34.1-alpha.2 Depends on vulnerable versions of eslint node_modules/@typescript-eslint/parser gatsby-cli 2.5.9-ink.60 - 2.5.9-ink.61 || >=2.6.0-0 Depends on vulnerable versions of gatsby-recipes Depends on vulnerable versions of strip-ansi node_modules/gatsby-cli inquirer 3.2.0 - 7.0.4 Depends on vulnerable versions of string-width Depends on vulnerable versions of strip-ansi node_modules/react-dev-utils/node_modules/inquirer react-dev-utils 0.4.0 - 11.0.3 Depends on vulnerable versions of inquirer node_modules/react-dev-utils string-width 2.1.0 - 4.1.0 Depends on vulnerable versions of strip-ansi node_modules/string-width node_modules/table/node_modules/string-width node_modules/webpack-dev-server/node_modules/string-width table 4.0.2 - 5.4.6 Depends on vulnerable versions of string-width node_modules/table wrap-ansi 3.0.0 - 6.1.0 Depends on vulnerable versions of string-width Depends on vulnerable versions of strip-ansi node_modules/webpack-dev-server/node_modules/wrap-ansi yurnalist >=1.0.5 Depends on vulnerable versions of strip-ansi node_modules/yurnalist glob-parent <5.1.2 Severity: high Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6 fix available via `npm audit fix --force` Will install [email protected], which is a breaking change node_modules/watchpack-chokidar2/node_modules/glob-parent node_modules/webpack-dev-server/node_modules/glob-parent chokidar 1.0.0-rc1 - 2.1.8 Depends on vulnerable versions of glob-parent node_modules/watchpack-chokidar2/node_modules/chokidar node_modules/webpack-dev-server/node_modules/chokidar watchpack-chokidar2 * Depends on vulnerable versions of chokidar node_modules/watchpack-chokidar2 watchpack 1.7.2 - 1.7.5 Depends on vulnerable versions of watchpack-chokidar2 node_modules/watchpack webpack 4.44.0 - 4.46.0 Depends on vulnerable versions of watchpack node_modules/webpack gatsby >=1.9.99 Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of ansi-html Depends on vulnerable versions of eslint Depends on vulnerable versions of eslint-config-react-app Depends on vulnerable versions of gatsby-cli Depends on vulnerable versions of optimize-css-assets-webpack-plugin Depends on vulnerable versions of react-dev-utils Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-server node_modules/gatsby webpack-dev-server 2.0.0-beta - 3.11.3 Depends on vulnerable versions of chokidar Depends on vulnerable versions of yargs node_modules/webpack-dev-server @pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6 Depends on vulnerable versions of ansi-html Depends on vulnerable versions of webpack-dev-server node_modules/@pmmmwh/react-refresh-webpack-plugin nth-check <2.0.1 Severity: moderate Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr fix available via `npm audit fix --force` Will install [email protected], which is a breaking change node_modules/svgo/node_modules/nth-check css-select <=3.1.0 Depends on vulnerable versions of nth-check node_modules/svgo/node_modules/css-select svgo 1.0.0 - 1.3.2 Depends on vulnerable versions of css-select node_modules/svgo postcss-svgo 4.0.0-nightly.2020.1.9 - 5.0.0-rc.2 Depends on vulnerable versions of svgo node_modules/postcss-svgo cssnano-preset-default <=4.0.8 Depends on vulnerable versions of postcss-svgo node_modules/cssnano-preset-default cssnano 4.0.0-nightly.2020.1.9 - 4.1.11 Depends on vulnerable versions of cssnano-preset-default node_modules/cssnano optimize-css-assets-webpack-plugin 3.2.1 || 5.0.0 - 5.0.8 Depends on vulnerable versions of cssnano node_modules/optimize-css-assets-webpack-plugin gatsby >=1.9.99 Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of ansi-html Depends on vulnerable versions of eslint Depends on vulnerable versions of eslint-config-react-app Depends on vulnerable versions of gatsby-cli Depends on vulnerable versions of optimize-css-assets-webpack-plugin Depends on vulnerable versions of react-dev-utils Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-server node_modules/gatsby react-dev-utils 0.4.0 - 11.0.3 Severity: moderate Improper Neutralization of Special Elements used in an OS Command. - https://github.com/advisories/GHSA-5q6m-3h65-w53x Depends on vulnerable versions of inquirer fix available via `npm audit fix --force` Will install [email protected], which is a breaking change node_modules/react-dev-utils gatsby >=1.9.99 Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of ansi-html Depends on vulnerable versions of eslint Depends on vulnerable versions of eslint-config-react-app Depends on vulnerable versions of gatsby-cli Depends on vulnerable versions of optimize-css-assets-webpack-plugin Depends on vulnerable versions of react-dev-utils Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-server node_modules/gatsby trim <0.0.3 Severity: high Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq fix available via `npm audit fix --force` Will install [email protected], which is a breaking change node_modules/trim remark-parse <=8.0.3 Depends on vulnerable versions of trim node_modules/remark-parse gatsby-recipes 0.0.7-unifiedroutes.76 - 0.0.7-unifiedroutes-v2.135 || >=0.1.31 Depends on vulnerable versions of remark-parse node_modules/gatsby-recipes gatsby-cli 2.5.9-ink.60 - 2.5.9-ink.61 || >=2.6.0-0 Depends on vulnerable versions of gatsby-recipes Depends on vulnerable versions of strip-ansi node_modules/gatsby-cli gatsby >=1.9.99 Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of ansi-html Depends on vulnerable versions of eslint Depends on vulnerable versions of eslint-config-react-app Depends on vulnerable versions of gatsby-cli Depends on vulnerable versions of optimize-css-assets-webpack-plugin Depends on vulnerable versions of react-dev-utils Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-server node_modules/gatsby ws 7.0.0 - 7.4.5 Severity: moderate ReDoS in Sec-Websocket-Protocol header - https://github.com/advisories/GHSA-6fc8-4gx4-v693 fix available via `npm audit fix` node_modules/@graphql-tools/url-loader/node_modules/ws @graphql-tools/url-loader 6.4.1-alpha-0ea0f8b7.0 - 6.10.1 Depends on vulnerable versions of ws node_modules/@graphql-tools/url-loader 36 vulnerabilities (23 moderate, 13 high) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force
-
Need Help Fixing Vulnerabilities! Please Help!
More info https://github.com/advisories/GHSA-93q8-gq69-wqmw
-
Vulnerabilities on node modules when creating a nuxt app
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
What are some alternatives?
When comparing nodejs-lockfile-parser and GHSA-93q8-gq69-wqmw you can also consider the following projects:
berry - 📦🐈 Active development trunk for Yarn ⚒
GHSA-ww39-953v-wcq6
yarn - The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
GHSA-rp65-9cf3-cjxr
ansi-regex - Regular expression for matching ANSI escape codes
yarn-audit-fix - The missing `yarn audit fix`
GHSA-4jqc-8m5r-9rpr
GHSA-6fc8-4gx4-v693
GHSA-w7rc-rwvf-8q5r
GHSA-whgm-jr23-g3j9
nodejs-lockfile-parser vs berry
GHSA-93q8-gq69-wqmw vs GHSA-ww39-953v-wcq6
nodejs-lockfile-parser vs yarn
GHSA-93q8-gq69-wqmw vs GHSA-rp65-9cf3-cjxr
nodejs-lockfile-parser vs ansi-regex
GHSA-93q8-gq69-wqmw vs yarn-audit-fix
GHSA-93q8-gq69-wqmw vs GHSA-4jqc-8m5r-9rpr
GHSA-93q8-gq69-wqmw vs GHSA-6fc8-4gx4-v693
GHSA-93q8-gq69-wqmw vs ansi-regex
GHSA-93q8-gq69-wqmw vs GHSA-w7rc-rwvf-8q5r
GHSA-93q8-gq69-wqmw vs GHSA-whgm-jr23-g3j9
GHSA-93q8-gq69-wqmw vs berry