Hi all, I have a very simple app, a starter project, that works fine, but every time I run “npm i” I get 45 vulnerability alerts…
Running npm audit, I see this:
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ ReDoS                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ brace-expansion                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=1.1.7                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ cordova-plugin-browsersync                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ cordova-plugin-browsersync > npm > fs-vacuum > rimraf > glob │
│               │ > minimatch > brace-expansion                                │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ ReDoS                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ brace-expansion                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=1.1.7                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ cordova-plugin-browsersync                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ cordova-plugin-browsersync > npm > fstream > rimraf > glob > │
│               │ minimatch > brace-expansion                                  │
├───────────────┼───────────────────────────────
....... many others...
found 45 vulnerabilities (4 low, 35 moderate, 6 high) in 6461 scanned packages
45 vulnerabilities require manual review. See the full report for details.
This is my ionic info:
Ionic:
ionic (Ionic CLI) : 4.1.2 (/usr/local/lib/node_modules/ionic)
Ionic Framework : ionic-angular 3.9.2
@ionic/app-scripts : 3.2.0
Cordova:
cordova (Cordova CLI) : 8.0.0
Cordova Platforms : android 7.0.0, browser 5.0.4, ios 4.5.5
Cordova Plugins : cordova-plugin-ionic-keyboard 2.1.2, cordova-plugin-ionic-webview 2.1.0, (and 7 other plugins)
System:
ios-deploy : 2.0.0
ios-sim : 5.0.13
NodeJS : v8.11.4 (/usr/local/bin/node)
npm : 6.4.1
OS : macOS High Sierra
Xcode : Xcode 10.0 Build version 10A255
Do I have to worry?
How can I solve these vulnerabilities?
Thanks for the help