Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trialmichelle gleed
23,811 PointsBcrypt Low Severity Vulnerability
I installed bcrypt locally and it found 1 low severity vulnerability due to the deep-extend module.
One of the github contributors said this: "Although the issue is rated as moderate, it is rated as low for us, as we do not use the module in run-time. Even the module is not invoked while installing from npm."
Can anyone tell me if I need to fix this, and how I would fix this?
I get the impression that it can be fixed by patching to version 5.1 or later, but I tried running npm outdated and nothing came up as requiring update. I'm not sure how else I could update it. I also couldn't see deep-extend listed as a dependency in bcrypt's package.json.... So I'm really confused!
1 Answer
HIDAYATULLAH ARGHANDABI
21,058 Pointsthere might an update have arrive for that issue run
npm update
to update the packages or you may want to update only the bcrypt package