npm audit reports socket.io vulnerabilities #144

ajvincent · 2024-10-05T19:25:46Z

I'd like to use eshost for testing one of my projects, but I'm a little worried about the npm audit report:

# npm audit report

cookie  <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix --force`
Will install eshost@6.5.0, which is a breaking change
node_modules/cookie
  engine.io  >=1.8.0
  Depends on vulnerable versions of cookie
  Depends on vulnerable versions of debug
  node_modules/engine.io
    socket.io  >=1.6.0
    Depends on vulnerable versions of debug
    Depends on vulnerable versions of engine.io
    Depends on vulnerable versions of socket.io-parser
    node_modules/socket.io
      eshost  >=6.6.0
      Depends on vulnerable versions of socket.io
      node_modules/eshost

debug  4.0.0 - 4.3.0
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix --force`
Will install eshost@6.5.0, which is a breaking change
node_modules/debug
  socket.io-parser  3.4.0 - 4.0.2
  Depends on vulnerable versions of debug
  node_modules/socket.io-parser

6 low severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

The text was updated successfully, but these errors were encountered:

ljharb · 2024-10-06T00:35:17Z

The vulnerabilities listed here don't apply to "not a webserver", which eshost isn't.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

npm audit reports socket.io vulnerabilities #144

npm audit reports socket.io vulnerabilities #144

ajvincent commented Oct 5, 2024

ljharb commented Oct 6, 2024

npm audit reports socket.io vulnerabilities #144

npm audit reports socket.io vulnerabilities #144

Comments

ajvincent commented Oct 5, 2024

ljharb commented Oct 6, 2024