This repository was archived by the owner on Feb 15, 2024. It is now read-only.

dankeboy36/ghsa-7884-8cw4-qpgx


ghsa-7884-8cw4-qpgx

Bare minimum setup to reproduce GHSA-7884-8cw4-qpgx. See github/advisory-database#3487 for more details.

This example uses npm workspaces. There are two private packages: arduino-ide-extension and a second one whose name is irrelevant.

Steps

  1. Install the dependencies. The project does not have any dependencies.

    npm i
  2. Verify that the workspaces are correctly configured. Expect the project name to be echoed to standard output.

    npm run echo
  3. Run npm audit.

    npm audit

Actual output:

    % npm audit
    # npm audit report

    arduino-ide-extension  *
    Severity: critical
    Malware in arduino-ide-extension - https://github.com/advisories/GHSA-7884-8cw4-qpgx
    No fix available
    node_modules/arduino-ide-extension
    packages/arduino-ide-extension

    1 critical severity vulnerability

    Some issues need review, and may require choosing
    a different dependency.
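The following triage helper is an added example, not code from this repository. It separates audit findings whose flagged locations are all local workspace sources (as in the output above) from findings on packages installed from a registry. The sample data is constructed, shaped like `npm audit --json` (report version 2) and the `packages` map of `package-lock.json`; the names `triageAudit`, `isLocalNode` and `some-registry-pkg` are hypothetical.

```javascript
// Constructed sample shaped like `npm audit --json` (auditReportVersion 2).
const auditReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "arduino-ide-extension": {
      name: "arduino-ide-extension", severity: "critical", fixAvailable: false,
      nodes: ["node_modules/arduino-ide-extension", "packages/arduino-ide-extension"],
    },
    "some-registry-pkg": { // hypothetical package, constructed for contrast
      name: "some-registry-pkg", severity: "high", fixAvailable: true,
      nodes: ["node_modules/some-registry-pkg"],
    },
  },
};

// Constructed sample shaped like the "packages" map of package-lock.json.
// A workspace shows up as a link under node_modules plus its source folder.
const lockPackages = {
  "node_modules/arduino-ide-extension": { resolved: "packages/arduino-ide-extension", link: true },
  "packages/arduino-ide-extension": { version: "1.0.0" },
  "node_modules/some-registry-pkg": {
    version: "2.0.0",
    resolved: "https://registry.npmjs.org/some-registry-pkg/-/some-registry-pkg-2.0.0.tgz",
  },
};

// True only when the location resolves to a source folder inside the project.
function isLocalNode(location, packages) {
  let entry = packages[location];
  if (entry && entry.link === true) { // follow the workspace symlink once
    location = entry.resolved;
    entry = packages[location];
  }
  if (!entry) return false; // unknown location: never assume it is local
  const underNodeModules = location.split("/").includes("node_modules");
  const fromRegistry = typeof entry.resolved === "string" && /^https?:/.test(entry.resolved);
  return !underNodeModules && !fromRegistry;
}

// Label each finding by where the flagged code actually comes from.
function triageAudit(report, packages) {
  return Object.values(report.vulnerabilities).map((v) => ({
    name: v.name,
    severity: v.severity,
    origin: v.nodes.length > 0 && v.nodes.every((n) => isLocalNode(n, packages))
      ? "local-workspace" : "installed-dependency",
  }));
}
```

A `local-workspace` result means every flagged location is the project's own source folder, which is the situation this reproduction shows; an `installed-dependency` result still needs the usual handling.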