=== npm audit security report === # Run npm update lodash --depth 5 to resolve 1 vulnerability +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | lodash | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > wd > async > lodash | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/577 | +---------------+--------------------------------------------------------------+ # Run npm update rc --depth 5 to resolve 1 vulnerability +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | deep-extend | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > chokidar > fsevents > node-pre-gyp > rc > | | | deep-extend | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/612 | +---------------+--------------------------------------------------------------+ +------------------------------------------------------------------------------+ | Manual Review | | Some vulnerabilities require your attention to resolve | | | | Visit https://go.npm.me/audit-guide for additional guidance | +------------------------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | deep-extend | +---------------+--------------------------------------------------------------+ | Patched in | >=0.5.1 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > bower-json > deep-extend | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/612 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | deep-extend | +---------------+--------------------------------------------------------------+ | Patched in | >=0.5.1 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > command-line-usage > table-layout > | | | deep-extend | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/612 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | deep-extend | +---------------+--------------------------------------------------------------+ | Patched in | >=0.5.1 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > polymer-build > css-slam > command-line-usage | | | > table-layout > deep-extend | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/612 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | deep-extend | +---------------+--------------------------------------------------------------+ | Patched in | >=0.5.1 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > polymer-build > polymer-bundler > | | | command-line-usage > table-layout > deep-extend | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/612 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | deep-extend | +---------------+--------------------------------------------------------------+ | Patched in | >=0.5.1 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > polymer-bundler > command-line-usage > | | | table-layout > deep-extend | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/612 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | deep-extend | +---------------+--------------------------------------------------------------+ | Patched in | >=0.5.1 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > polyserve > command-line-usage > table-layout | | | > deep-extend | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/612 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | deep-extend | +---------------+--------------------------------------------------------------+ | Patched in | >=0.5.1 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > polyserve > polymer-build > css-slam > | | | command-line-usage > table-layout > deep-extend | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/612 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | deep-extend | +---------------+--------------------------------------------------------------+ | Patched in | >=0.5.1 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > polyserve > polymer-build > polymer-bundler > | | | command-line-usage > table-layout > deep-extend | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/612 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | deep-extend | +---------------+--------------------------------------------------------------+ | Patched in | >=0.5.1 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > polyserve > | | | command-line-usage > table-layout > deep-extend | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/612 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | deep-extend | +---------------+--------------------------------------------------------------+ | Patched in | >=0.5.1 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > polyserve > | | | polymer-build > css-slam > command-line-usage > table-layout | | | > deep-extend | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/612 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | deep-extend | +---------------+--------------------------------------------------------------+ | Patched in | >=0.5.1 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > polyserve > | | | polymer-build > polymer-bundler > command-line-usage > | | | table-layout > deep-extend | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/612 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | deep-extend | +---------------+--------------------------------------------------------------+ | Patched in | >=0.5.1 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > yeoman-generator > mem-fs-editor > deep-extend | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/612 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | High | Regular Expression Denial of Service | +---------------+--------------------------------------------------------------+ | Package | fresh | +---------------+--------------------------------------------------------------+ | Patched in | >= 0.5.2 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > polyserve > send > fresh | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/526 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | High | Regular Expression Denial of Service | +---------------+--------------------------------------------------------------+ | Package | fresh | +---------------+--------------------------------------------------------------+ | Patched in | >= 0.5.2 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > polyserve > send > | | | fresh | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/526 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | High | Regular Expression Denial of Service | +---------------+--------------------------------------------------------------+ | Package | fresh | +---------------+--------------------------------------------------------------+ | Patched in | >= 0.5.2 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > send > fresh | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/526 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | High | Denial of Service | +---------------+--------------------------------------------------------------+ | Package | https-proxy-agent | +---------------+--------------------------------------------------------------+ | Patched in | >=2.2.0 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > github > https-proxy-agent | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/593 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | High | Denial of Service | +---------------+--------------------------------------------------------------+ | Package | https-proxy-agent | +---------------+--------------------------------------------------------------+ | Patched in | >=2.2.0 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > wct-local > launchpad > | | | browserstack > https-proxy-agent | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/593 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Critical | Command Injection | +---------------+--------------------------------------------------------------+ | Package | growl | +---------------+--------------------------------------------------------------+ | Patched in | >=1.10.2 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > mocha > growl | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/146 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Moderate | Denial of Service | +---------------+--------------------------------------------------------------+ | Package | protobufjs | +---------------+--------------------------------------------------------------+ | Patched in | >=6.8.6 | +---------------+--------------------------------------------------------------+ | Dependency of | grpc | +---------------+--------------------------------------------------------------+ | Path | grpc > protobufjs | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/605 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Moderate | Denial of Service | +---------------+--------------------------------------------------------------+ | Package | protobufjs | +---------------+--------------------------------------------------------------+ | Patched in | >=6.8.6 | +---------------+--------------------------------------------------------------+ | Dependency of | webtorrent-hybrid | +---------------+--------------------------------------------------------------+ | Path | webtorrent-hybrid > webtorrent-cli > chromecasts > | | | castv2-client > castv2 > protobufjs | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/605 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Moderate | Regular Expression Denial of Service | +---------------+--------------------------------------------------------------+ | Package | mime | +---------------+--------------------------------------------------------------+ | Patched in | >= 1.4.1 < 2.0.0 || >= 2.0.3 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > polyserve > send > mime | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/535 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Moderate | Regular Expression Denial of Service | +---------------+--------------------------------------------------------------+ | Package | mime | +---------------+--------------------------------------------------------------+ | Patched in | >= 1.4.1 < 2.0.0 || >= 2.0.3 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > polyserve > send > mime | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/535 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Moderate | Regular Expression Denial of Service | +---------------+--------------------------------------------------------------+ | Package | mime | +---------------+--------------------------------------------------------------+ | Patched in | >= 1.4.1 < 2.0.0 || >= 2.0.3 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > send > mime | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/535 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | lodash | +---------------+--------------------------------------------------------------+ | Patched in | >=4.17.5 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > lodash | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/577 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | lodash | +---------------+--------------------------------------------------------------+ | Patched in | >=4.17.5 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > stacky > lodash | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/577 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | lodash | +---------------+--------------------------------------------------------------+ | Patched in | >=4.17.5 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > wct-sauce > lodash | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/577 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Prototype Pollution | +---------------+--------------------------------------------------------------+ | Package | lodash | +---------------+--------------------------------------------------------------+ | Patched in | >=4.17.5 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > wd > lodash | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/577 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Moderate | Regular Expression Denial of Service | +---------------+--------------------------------------------------------------+ | Package | ms | +---------------+--------------------------------------------------------------+ | Patched in | >0.7.0 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > send > debug > ms | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/46 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Moderate | Regular Expression Denial of Service | +---------------+--------------------------------------------------------------+ | Package | ms | +---------------+--------------------------------------------------------------+ | Patched in | >0.7.0 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > send > ms | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/46 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Moderate | Prototype pollution | +---------------+--------------------------------------------------------------+ | Package | hoek | +---------------+--------------------------------------------------------------+ | Patched in | > 4.2.0 < 5.0.0 || >= 5.0.3 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > wct-local > | | | selenium-standalone > request > hawk > boom > hoek | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/566 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Moderate | Prototype pollution | +---------------+--------------------------------------------------------------+ | Package | hoek | +---------------+--------------------------------------------------------------+ | Patched in | > 4.2.0 < 5.0.0 || >= 5.0.3 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > wct-local > | | | selenium-standalone > request > hawk > cryptiles > boom > | | | hoek | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/566 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Moderate | Prototype pollution | +---------------+--------------------------------------------------------------+ | Package | hoek | +---------------+--------------------------------------------------------------+ | Patched in | > 4.2.0 < 5.0.0 || >= 5.0.3 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > wct-local > | | | selenium-standalone > request > hawk > hoek | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/566 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Moderate | Prototype pollution | +---------------+--------------------------------------------------------------+ | Package | hoek | +---------------+--------------------------------------------------------------+ | Patched in | > 4.2.0 < 5.0.0 || >= 5.0.3 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > wct-local > | | | selenium-standalone > request > hawk > sntp > hoek | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/566 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Regular Expression Denial of Service | +---------------+--------------------------------------------------------------+ | Package | debug | +---------------+--------------------------------------------------------------+ | Patched in | >= 2.6.9 < 3.0.0 || >= 3.1.0 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > polyserve > send > debug | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/534 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Regular Expression Denial of Service | +---------------+--------------------------------------------------------------+ | Package | debug | +---------------+--------------------------------------------------------------+ | Patched in | >= 2.6.9 < 3.0.0 || >= 3.1.0 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > polyserve > send > | | | debug | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/534 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Regular Expression Denial of Service | +---------------+--------------------------------------------------------------+ | Package | debug | +---------------+--------------------------------------------------------------+ | Patched in | >= 2.6.9 < 3.0.0 || >= 3.1.0 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > mocha > debug | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/534 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Low | Regular Expression Denial of Service | +---------------+--------------------------------------------------------------+ | Package | debug | +---------------+--------------------------------------------------------------+ | Patched in | >= 2.6.9 < 3.0.0 || >= 3.1.0 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > send > debug | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/534 | +---------------+--------------------------------------------------------------+ +---------------+--------------------------------------------------------------+ | Moderate | Memory Exposure | +---------------+--------------------------------------------------------------+ | Package | tunnel-agent | +---------------+--------------------------------------------------------------+ | Patched in | >=0.6.0 | +---------------+--------------------------------------------------------------+ | Dependency of | polymer-cli [dev] | +---------------+--------------------------------------------------------------+ | Path | polymer-cli > web-component-tester > wct-local > | | | selenium-standalone > request > tunnel-agent | +---------------+--------------------------------------------------------------+ | More info | https://nodesecurity.io/advisories/598 | +---------------+--------------------------------------------------------------+ [!] 40 vulnerabilities found - Packages audited: 20449 (16829 dev, 964 optional) Severity: 22 Low | 12 Moderate | 5 High | 1 Critical