Fixing security vulnerabilities in npm dependencies in less than 3 mins

Hola people!!! 🥑
It’s been a while since I wrote a blog post, and now that most of us are working from home, the time that used to go into commuting is saved, so I thought, why not use this time to write about my recent experience of fixing a security vulnerability.
So if any of you have recently seen something like the image below and have no clue how to fix it, then this article is for you. When I saw it, I had no clue either, but with some research I could fix it.
🔬 Problem:
What this means is that one of the dependencies in your package.json has a security vulnerability that an attacker can exploit, causing problems for you, your product, the users of your product, or the company you work for.
For example: https://snyk.io/vuln/npm:eslint:20180222
This vulnerability could have caused a Regular Expression Denial of Service (ReDoS).
💡 Finding:
To find potential vulnerabilities in your repo, you can either run
npm audit
which should show you output like the following image:
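As an added example (not from the original post): `npm audit --json` emits the same report as JSON, and the script below turns it into a list sorted by severity with the available fix for each package. The sample report and its package names are constructed, and the field names assume the npm 7+ report format.

```javascript
// Added example, not from the original post: summarise `npm audit --json` output.
// Field names assume the npm 7+ report format (auditReportVersion 2).
const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];
// Constructed sample report; package names, titles and versions are placeholders.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-linter': {
      name: 'example-linter', severity: 'moderate', isDirect: true,
      via: [{ title: 'Regular Expression Denial of Service' }],
      fixAvailable: true,
    },
    'example-parser': {
      name: 'example-parser', severity: 'high', isDirect: false,
      via: [{ title: 'Prototype Pollution' }],
      fixAvailable: { name: 'example-framework', version: '3.0.0', isSemVerMajor: true },
    },
    'example-framework': {
      name: 'example-framework', severity: 'high', isDirect: true,
      via: ['example-parser'], // a string means "vulnerable through this other package"
      fixAvailable: { name: 'example-framework', version: '3.0.0', isSemVerMajor: true },
    },
  },
};

// fixAvailable is true, false, or an object naming the top-level upgrade needed.
function describeFix(fix) {
  if (fix === true) return 'npm audit fix';
  if (fix && typeof fix === 'object') {
    const note = fix.isSemVerMajor ? ' (semver-major, may break)' : '';
    return `upgrade ${fix.name} to ${fix.version}${note}`;
  }
  return 'no fix available';
}

function summarizeAudit(report, minSeverity = 'low') {
  const rank = (s) => SEVERITY_ORDER.indexOf(s);
  return Object.values(report.vulnerabilities || {})
    .filter((v) => rank(v.severity) >= rank(minSeverity))
    .map((v) => ({
      name: v.name, severity: v.severity, direct: Boolean(v.isDirect),
      advisories: v.via.filter((x) => typeof x === 'object').map((x) => x.title),
      causedBy: v.via.filter((x) => typeof x === 'string'),
      fix: describeFix(v.fixAvailable),
    }))
    .sort((a, b) => rank(b.severity) - rank(a.severity));
}

console.table(summarizeAudit(SAMPLE_REPORT));
```

For a real project, replace SAMPLE_REPORT with the parsed output of `npm audit --json` run in the project directory.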