
Bcrypt Low Severity Vulnerability

I installed bcrypt locally and it found 1 low severity vulnerability due to the deep-extend module.

One of the GitHub contributors said this: "Although the issue is rated as moderate, it is rated as low for us, as we do not use the module in run-time. Even the module is not invoked while installing from npm."

Can anyone tell me if I need to fix this, and how I would fix this?

I get the impression that it can be fixed by patching to version 5.1 or later, but I tried running npm outdated and nothing came up as requiring update. I'm not sure how else I could update it. I also couldn't see deep-extend listed as a dependency in bcrypt's package.json.... So I'm really confused!

1 Answer

HIDAYATULLAH ARGHANDABI
21,058 Points

An update might have arrived for that issue. Run

npm update

to update the packages, or you may want to update only the bcrypt package.
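
A package that npm reports but that is not listed in bcrypt's package.json is installed as a dependency of a dependency. The following added example (not part of the original posts, and not code from bcrypt or npm) walks the `packages` map of a package-lock.json to list the chain that brings in such a transitive package; the sample lockfile, the intermediate package names and all versions are constructed for illustration.

```javascript
// Constructed sample lockfile; intermediate names and all versions are hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: { bcrypt: "^1.0.0" } },
    "node_modules/bcrypt": { version: "1.0.0", dependencies: { "build-helper": "^1.0.0" } },
    "node_modules/build-helper": { version: "1.0.0", dependencies: { "config-reader": "^1.0.0" } },
    "node_modules/config-reader": { version: "1.0.0", dependencies: { "deep-extend": "^1.0.0" } },
    "node_modules/deep-extend": { version: "1.0.0" },
  },
};

// Node resolution: look in the requiring package's own node_modules first,
// then walk up through each enclosing node_modules directory.
function resolve(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const cut = dir.lastIndexOf("/node_modules/");
    dir = cut === -1 ? "" : dir.slice(0, cut);
  }
}

// Return every chain of "name@version" entries from the root project to `target`.
function findDependencyPaths(lock, target) {
  const packages = lock.packages || {};
  const results = [];
  const walk = (path, chain, seen) => {
    const entry = packages[path];
    const deps = { ...entry.dependencies, ...entry.optionalDependencies,
                   ...(path === "" ? entry.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const next = resolve(packages, path, name);
      if (!next || seen.has(next)) continue; // uninstalled optional dep, or a cycle
      const nextChain = [...chain, `${name}@${packages[next].version}`];
      if (name === target) results.push(nextChain);
      else walk(next, nextChain, new Set(seen).add(next));
    }
  };
  if (packages[""]) walk("", [], new Set([""]));
  return results;
}

for (const chain of findDependencyPaths(sampleLock, "deep-extend")) {
  console.log(chain.join(" > "));
}
```

On an installed project, `npm ls deep-extend` prints the same kind of chain, which shows which intermediate package would need a newer release for the fix to arrive.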