Reactivesearch: Unable to properly install reactivesearch-native

Created on 6 Nov 2018  路  4Comments  路  Source: appbaseio/reactivesearch

Unable to properly install reactivesearch-native.
When I run npm install it says:
found 1 high severity vulnerability in 39193 scanned packages
1 vulnerability requires manual review. See the full report for details.

Here is the npm audit:

npm audit security report
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Denial of Service
Package ws
Patched in >= 1.1.5 <2.0.0 || >=3.3.1
Dependency of @appbaseio/reactivesearch-native
Path @appbaseio/reactivesearch-native > appbase-js > ws
More info https://nodesecurity.io/advisories/550

Most helpful comment

@bietkul the path seems to be at appbase-js > ws. I think we should upgrade ws in appbase-js to fix this.

All 4 comments

Thanks for reporting this @gabzon. We will do a release shortly to fix this.

We have 3 vulnerabilities in total at the moment:

  • 2 of them can be solved by upgrading react-native
  • @bietkul I will need your input to fix the third one:

image

@gabzon Regarding the ws vulnerability, It seems like the issue is with react-devtools ws dependency.
Lmk if it helps you https://github.com/websockets/ws/issues/1455#issuecomment-428651039

@bietkul the path seems to be at appbase-js > ws. I think we should upgrade ws in appbase-js to fix this.

Fixed. Please update to 0.11.0 to get things rolling 馃帀

Was this page helpful?
0 / 5 - 0 ratings

Related issues

vharitonsky picture vharitonsky  路  4Comments

rbeers picture rbeers  路  3Comments

kud picture kud  路  4Comments

coommark picture coommark  路  4Comments

ymzoughi picture ymzoughi  路  4Comments