Prisma1: sync-exec; 1 sync-exec vulnerability found in package-lock.json

Created on 18 Dec 2018  ยท  3Comments  ยท  Source: prisma/prisma1 
npm list sync-exec
este@ /Users/steida/dev/este-typescript
โ””โ”€โ”ฌ [email protected]
  โ””โ”€โ”ฌ [email protected]
    โ””โ”€โ”ฌ [email protected]
      โ””โ”€โ”€ [email protected]

Should not be used imho.

bu1-repro-available kinbug
Source
picture steida

Most helpful comment

The regression is still around. Any ETA on fixing this?

$ npm list sync-exec
[email protected]
โ””โ”€โ”ฌ [email protected]
  โ””โ”€โ”ฌ [email protected]
    โ””โ”€โ”ฌ [email protected]
      โ””โ”€โ”€ [email protected]
picture tianhuil on 14 Jul 2019
👍2

All 3 comments

There is a regression in windows for npm-run (https://github.com/prisma/prisma/pull/3517). We can upgrade this after this one is merged https://github.com/timoxley/npm-run/pull/21

Or break the build for windows temporarily. Can you please confirm what the vulnerability is exactly and does it also affect CLI tools?

divyenduz picture divyenduz on 18 Dec 2018

I think it's not severe, because it's for local web development, but I am not an expert. I would wait, this issue can help the others meanwhile.

steida picture steida on 19 Dec 2018
👍1

The regression is still around. Any ETA on fixing this?

$ npm list sync-exec
[email protected]
โ””โ”€โ”ฌ [email protected]
  โ””โ”€โ”ฌ [email protected]
    โ””โ”€โ”ฌ [email protected]
      โ””โ”€โ”€ [email protected]
tianhuil picture tianhuil on 14 Jul 2019
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

schickling picture schickling  ยท  3Comments
marktani picture marktani  ยท  3Comments
tbrannam picture tbrannam  ยท  3Comments
schickling picture schickling  ยท  3Comments
nikolasburk picture nikolasburk  ยท  3Comments