Remote Code Execution

Ionic Framework Ionic Angular
1 
 === npm audit security report ===       
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Remote Code Execution                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ serialize-javascript                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.1.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @ionic/angular-toolkit [dev]                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @ionic/angular-toolkit > copy-webpack-plugin >               │
│               │ serialize-javascript                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1548                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 2 vulnerabilities (1 low, 1 high) in 1493 scanned packages
  1 vulnerability requires semver-major dependency updates.
  1 vulnerability requires manual review. See the full report for details.

when I am starting new project with ionic start, I take this error, how can I fix it ?

2

same issue for me, this suddenly was displayed, any solution?

3

Same for me. Found any solution?

4

I resolved it by removing “serialize-javascript”: “^2.1.2” from “node_modules/@ionic/angular-toolkit/node_modules/copy-webpack-plugin/package.json” and then doing npm prune

5

in addition, I ran

npm rm serialize-javascript
npm install serialize-javascript

Then it was resolved

1 Like
6

for some weird reason the warning keeps inclusive after remove it hahaha don’t know what else do

7

Thanks for the report, fixing.

8

2.3.1 of Angular toolkit is released!

1 Like