Showing 1,425 of 1,425 total issues
debug
Regular Expression Denial of Service Open
"debug": {
"version": "2.2.0",
"resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz",
"integrity": "sha1-+HBX6ZWxofauaklgZkE3vFbwOdo=",
"dev": true,
Regular Expression Denial of Service
Overview:
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds, making this a low severity issue.
Recommendation:
Upgrade to version 2.6.9 or greater if you are on the 2.6.x series or 3.1.0 or greater.
minimatch
Regular Expression Denial of Service Open
"minimatch": {
"version": "2.0.10",
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-2.0.10.tgz",
"integrity": "sha1-jQh8OcazjAAbl/ynzm0OHoCvusc=",
"dev": true,
Regular Expression Denial of Service
Overview:
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, `minimatch(path, pattern)`, is vulnerable to ReDoS in the `pattern` parameter. This is because of the regular expression on line 521 of minimatch.js: `/((?:\\{2})*)(\\?)\|/g`. The problematic portion of the regex is `((?:\\{2})*)`, which matches against `\\`.
A proof of concept is as follows:
```
var minimatch = require("minimatch");

// utility function for generating long strings
var genstr = function (len, chr) {
  var result = "";
  for (var i = 0; i <= len; i++) {
    result = result + chr;
  }
  return result;
};

// pattern made of a long run of backslashes
var exploit = "[!" + genstr(1000000, "\\") + "A";

// minimatch exploit.
console.log("starting minimatch");
minimatch("foo", exploit);
console.log("finishing minimatch");
```
Recommendation:
Update to version 3.0.2 or greater.
Insert ;
Open
import { esConnect } from './client/elasticsearch'
For more information visit Source: http://eslint.org/docs/rules/
Insert ;
Open
logger('connecting es client')
For more information visit Source: http://eslint.org/docs/rules/
Insert ;
Open
)
For more information visit Source: http://eslint.org/docs/rules/
Definition for rule 'unicorn/prevent-abbreviations' was not found. Open
#!/usr/bin/env node
For more information visit Source: http://eslint.org/docs/rules/
Definition for rule 'unicorn/no-null' was not found. Open
#!/usr/bin/env node
For more information visit Source: http://eslint.org/docs/rules/
Insert ;
Open
const fs = require('fs')
For more information visit Source: http://eslint.org/docs/rules/
Replace ··const·{·name,·version,·description,·author,·contributors,·engines,·keywords,·license,·private:·privateKey,·repository,·bugs,·homepage
with const·{⏎····name,⏎····version,⏎····description,⏎····author,⏎····contributors,⏎····engines,⏎····keywords,⏎····license,⏎····private:·privateKey,⏎····repository,⏎····bugs,⏎····homepage,⏎·
Open
const { name, version, description, author, contributors, engines, keywords, license, private: privateKey, repository, bugs, homepage } = context;
For more information visit Source: http://eslint.org/docs/rules/
Replace ········"name"
with ····name
Open
"name": `${name}-deployment`,
For more information visit Source: http://eslint.org/docs/rules/
Delete ····
Open
author,
For more information visit Source: http://eslint.org/docs/rules/
Delete ····
Open
engines,
For more information visit Source: http://eslint.org/docs/rules/
Definition for rule 'unicorn/filename-case' was not found. Open
import debug from 'debug'
For more information visit Source: http://eslint.org/docs/rules/
Insert ;
Open
global.esClient = esClient
For more information visit Source: http://eslint.org/docs/rules/
Insert ;
Open
})
For more information visit Source: http://eslint.org/docs/rules/
Insert ,
Open
}
For more information visit Source: http://eslint.org/docs/rules/
Insert ;
Open
const fsp = fs.promises
For more information visit Source: http://eslint.org/docs/rules/
Insert ;
Open
var logger = debug('api')
For more information visit Source: http://eslint.org/docs/rules/
Insert ;
Open
const cachedResponse = await cache.get(packageUrl)
For more information visit Source: http://eslint.org/docs/rules/
Insert ,
Open
headers: response.headers
For more information visit Source: http://eslint.org/docs/rules/