    Posts made by Punith

    • not able to "npm install smartapi-javascript"

      I am getting this vulnerabilities message, please help me solve this. I just pasted the complete install and audit fix output.

      PS C:\Users\PC\Desktop\alldesktop\Stock Market\JAVA SDK> npm install smartapi-javascript

      56 packages are looking for funding
      run npm fund for details

      7 vulnerabilities (2 moderate, 5 high)

      To address issues that do not require attention, run:
      npm audit fix

      Some issues need review, and may require choosing
      a different dependency.

      Run npm audit for details.
      PS C:\Users\PC\Desktop\alldesktop\Stock Market\JAVA SDK> npm audit fix

      up to date, audited 406 packages in 3s

      56 packages are looking for funding
      run npm fund for details

      npm audit report

      axios <=0.27.2
      Severity: high
      Axios vulnerable to Server-Side Request Forgery - https://github.com/advisories/GHSA-4w2v-q235-vp99
      axios Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
      Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
      No fix available
      node_modules/smartapi-javascript/node_modules/axios
      smartapi-javascript *
      Depends on vulnerable versions of axios
      Depends on vulnerable versions of public-ip
      Depends on vulnerable versions of sinon
      node_modules/smartapi-javascript

      got <11.8.5
      Severity: moderate
      Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
      fix available via npm audit fix
      node_modules/got
      public-ip 2.1.0 - 4.0.4
      Depends on vulnerable versions of got
      node_modules/public-ip

      path-to-regexp 0.2.0 - 7.2.0
      Severity: high
      path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
      No fix available
      node_modules/nise/node_modules/path-to-regexp
      nise *
      Depends on vulnerable versions of path-to-regexp
      node_modules/nise
      sinon >=3.0.0
      Depends on vulnerable versions of nise
      node_modules/sinon

      7 vulnerabilities (2 moderate, 5 high)

      To address issues that do not require attention, run:
      npm audit fix

      Some issues need review, and may require choosing
      a different dependency.

      posted in Bugs
      Punith