If you’re not averse to trawling through threads on GitHub issues, this is a concise list of steps for addressing GitHub’s vulnerability warnings in your code repository. You will see a yellow-coloured warning box if one has been detected in your
(Courtesy of GitHub)
Assuming that the offending package is
$ npm ls hoek
- Examine the output.
- Look at the package listed at the top of the tree – `json-server` in this case. `Hoek` is a subdependency of it via `request`, so the latest (or updated) version of `request` would solve this issue.
- I looked at the releases page for json-server and updated my `package.json` to the latest version of the package.
$ npm install
- If you run the first command again, you will either see the updated version of hoek or it won’t show up at all. The latter case means that it was dropped in the latest version of
There you go! May it save someone hours of pain and Googling…
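
When the tree is large, the reading of the `npm ls` output described in the steps above can be scripted. This is an added example, not part of the original post: it walks the JSON form of the tree (`npm ls hoek --json`) and reports which top-level entries in `package.json` pull in the flagged package. The sample tree, its versions and the `@example/tool` package are constructed for illustration.

```javascript
// Constructed sample shaped like the output of `npm ls hoek --json`.
// Project name, versions and the @example/tool package are hypothetical.
const sampleTree = {
  name: "my-app",
  version: "1.0.0",
  dependencies: {
    "json-server": {
      version: "0.0.1",
      dependencies: {
        request: {
          version: "0.0.2",
          dependencies: { hoek: { version: "0.0.3" } },
        },
      },
    },
    "@example/tool": {
      version: "0.0.4",
      dependencies: { hoek: { version: "0.0.5" } },
    },
  },
};

// Depth-first walk. Returns every chain from a top-level dependency down to
// an installed copy of `target`, as arrays of "name@version" strings.
function findPaths(node, target, trail = []) {
  const paths = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${name}@${dep.version}`];
    if (name === target) paths.push(here);
    paths.push(...findPaths(dep, target, here));
  }
  return paths;
}

// The first element of each chain is the package.json entry to update.
// The regex strips only the trailing "@version", so scoped names survive.
function packagesToUpdate(tree, target) {
  const roots = findPaths(tree, target).map((p) => p[0].replace(/@[^@]*$/, ""));
  return [...new Set(roots)];
}

for (const p of findPaths(sampleTree, "hoek")) console.log(p.join(" > "));
console.log("update in package.json:", packagesToUpdate(sampleTree, "hoek"));
```

Each printed chain shows every installed copy of the flagged package, so a copy that survives an update (because a second top-level package still pins the old version) is visible on the next run.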