Skip to content
This repository was archived by the owner on May 1, 2020. It is now read-only.

node-sass Denial of Service #1544

Open
Open
node-sass Denial of Service#1544
@whereskeem

Description

@whereskeem
whereskeem
opened on Jan 15, 2020

Note: for support questions, please use one of these channels:

https://forum.ionicframework.com/
http://ionicworldwide.herokuapp.com/

Short description of the problem:

Vulnerability warning during npm audit for an @ionic/app-scripts dependency requirement of node-sass

What behavior are you expecting?

an available patch or replacement of the dependency requirement containing vulnerabilities

Steps to reproduce:

  1. Create an Ionic Angular application with a dev dependency of "@ionic/app-scripts": "3.1.8"
  2. Run npm audit
insert any relevant code between the above and below backticks
Here's the message from npm audit:
`Low             Denial of Service

  Package         node-sass

  Patched in      No patch available

  Dependency of   @ionic/app-scripts [dev]

  Path            @ionic/app-scripts > node-sass

  More info       https://nodesecurity.io/advisories/961`

**Which @ionic/app-scripts version are you using?**

"@ionic/app-scripts": "3.1.8"

**Other information:** (e.g. stacktraces, related issues, suggestions how to fix, stackoverflow links, forum links, etc)

We run "npm audit" as part of our build process so the project won't complete the build unless this vulnerability is resolved. Any suggestions on a work around? Can node-sass be replaced as a dependency of  @ionic/app-scripts? Any suggestions are greatly appreciated.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions