Critical vulnerabilities in the project #354

Open
whtswrng opened this issue Apr 29, 2024 · 2 comments
@whtswrng

If you run npm audit you can see there are "81 vulnerabilities (23 moderate, 44 high, 14 critical)". Do you plan to address them? Right now, it's a serious security risk to deploy the application with boomerang to production, given how many high/critical vulnerabilities are in the project.

@bluesmoon
Member

boomerang does not need to be installed with npm. You can just concatenate all the source files, minify it and deploy it without using anything else.

@nicjansma

@whtswrng all of the vulnerabilities noted come from devDependencies which are just used to (optionally) build the bundle. As @bluesmoon mentions, you could do the bundling and minification yourself, if you choose.

There are no known vulnerabilities in the boomerang.js source (including plugins), nor in the 4 open-source libraries that are (optionally) bundled with it.

```
$ npm audit --omit dev
found 0 vulnerabilities
```
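The dev-versus-production distinction drawn in this thread, as an added example that is not part of the original comments or the boomerang project: a Node.js function that splits `npm audit --json` findings into production-reachable and dev-only using the `dev` flag in `package-lock.json`. The package names and sample data are constructed, and the field names (`vulnerabilities`, `nodes`, `packages`, `dev`) assume npm 7+ audit output and a lockfileVersion 2/3 lockfile.

```javascript
// Added example (not boomerang project code). Field names assume npm 7+
// `npm audit --json` output and a lockfileVersion 2/3 package-lock.json.

// Constructed sample data with hypothetical package names.
const sampleLock = {
  packages: {
    "": { name: "example-app" },
    "node_modules/build-tool": { version: "1.0.0", dev: true },
    "node_modules/build-tool/node_modules/shared-util": { version: "1.2.0", dev: true },
    "node_modules/shared-util": { version: "2.0.0" },
  },
};
const sampleAudit = {
  vulnerabilities: {
    "build-tool": { severity: "critical", nodes: ["node_modules/build-tool"] },
    "shared-util": {
      severity: "high",
      nodes: ["node_modules/build-tool/node_modules/shared-util", "node_modules/shared-util"],
    },
  },
};

// Split findings by whether any affected install path ships in production.
function classifyFindings(audit, lock) {
  const packages = (lock && lock.packages) || {};
  const result = { production: [], devOnly: [] };
  for (const [name, vuln] of Object.entries(audit.vulnerabilities || {})) {
    const nodes = vuln.nodes || [];
    // Only paths the lockfile marks `dev: true` count as dev-only; unknown
    // paths and findings without paths stay in the production bucket.
    const shipped = nodes.filter((p) => !(packages[p] && packages[p].dev === true));
    if (nodes.length === 0 || shipped.length > 0) {
      result.production.push({ name, severity: vuln.severity, nodes: shipped });
    } else {
      result.devOnly.push({ name, severity: vuln.severity, nodes });
    }
  }
  return result;
}

// CI gate: fail only when a package that is actually deployed is affected.
function gate(audit, lock) {
  const findings = classifyFindings(audit, lock);
  return { fail: findings.production.length > 0, ...findings };
}

console.log(JSON.stringify(gate(sampleAudit, sampleLock), null, 2));
```

In the sample, the same package name is installed at both a dev-only path and a production path, so it stays in the production bucket with only the shipped path listed.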
