Next-plugins: @zeit/next-bundle-analyzer causes npm audit error

Created on 23 Apr 2019  路  2Comments  路  Source: vercel/next-plugins

next-bundle-analyzer depends on [email protected], but there is an XSS problem in that dependency that is only fixed in >=3.3.2.

https://www.npmjs.com/advisories/826

Most helpful comment

Any news on this? Been a while since this issue was opened..

All 2 comments

Any news on this? Been a while since this issue was opened..

@zeit/next-bundle-analyzer seems to have been deprecated in favor of @next/bundle-analyzer. 8.1.1-canary.44 of that package has an updated webpack-bundle-analyzer.

https://github.com/zeit/next.js/blob/9fa1101c7c7d6c81166c6565271296f1ebc3bf7d/packages/next-bundle-analyzer/package.json

npm install --save-dev @next/bundle-analyzer@canary

Note that the new package works slightly differently.

Was this page helpful?
0 / 5 - 0 ratings