Closed
Description
When doing an npm audit
It says not to use this plugin because of its deep deps on macaddress
https://nodesecurity.io/advisories/654
Critical │ Command Injection │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ macaddress │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ optimize-css-assets-webpack-plugin [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ optimize-css-assets-webpack-plugin > cssnano > │
│ │ postcss-filter-plugins > uniqid > macaddress │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/654
Metadata
Metadata
Assignees
Labels
No labels