Latest NPM Install Contains Vulnerabilities #12
Description
After installing this package, I ran npm audit fix to resolve any issue. High vulnerabilities were fixed but some dependencies are not resolved:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Moderate Prototype Pollution
Package hoek
Patched in > 4.2.0 < 5.0.0 || >= 5.0.3
Dependency of webkul-micron
Path webkul-micron > gulp-less > less > request > hawk > boom >
hoek
More info https://npmjs.com/advisories/566
Moderate Prototype Pollution
Package hoek
Patched in > 4.2.0 < 5.0.0 || >= 5.0.3
Dependency of webkul-micron
Path webkul-micron > gulp-less > less > request > hawk >
cryptiles > boom > hoek
More info https://npmjs.com/advisories/566
Moderate Prototype Pollution
Package hoek
Patched in > 4.2.0 < 5.0.0 || >= 5.0.3
Dependency of webkul-micron
Path webkul-micron > gulp-less > less > request > hawk > hoek
More info https://npmjs.com/advisories/566
Moderate Prototype Pollution
Package hoek
Patched in > 4.2.0 < 5.0.0 || >= 5.0.3
Dependency of webkul-micron
Path webkul-micron > gulp-less > less > request > hawk > sntp >
hoek
More info https://npmjs.com/advisories/566
found 4 moderate severity vulnerabilities in 24674 scanned packages
4 vulnerabilities require manual review. See the full report for details.
I am unsure if this packaging for NPM needs to be fixed at this level.