We are using WhiteSource to scan our projects for security issues. It basically does `npm install` and scans every file it got (including dependencies) for security risks. Since we're using sockjs, we have the following warning: `.../node_modules/sockjs/examples/echo/index.html` uses `jquery-1.7.1`
So all the sockjs examples are using an old version of jquery with security vulnerabilities, and all those examples are bundled in the distributed package.
I know it's kinda false positive since it shouldn't go to production code, but for such a popular library it should be important enough.
I'd suggest to either add the `examples` folder to `.npmignore` (will save the library users traffic as well), or update jQuery in these examples, or both.
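The finding reported in this issue can be reproduced locally with a small audit script. This is an added example, not code from sockjs or WhiteSource: it walks an install tree and reports HTML files whose script tags load a jQuery release older than a chosen floor. The function names, the `3.5.0` floor and the sample tree are assumptions constructed for illustration.

```javascript
// Added example, not sockjs or WhiteSource code. All names here are hypothetical.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Matches script src values like ".../jquery-1.7.1.min.js" or ".../jquery/1.7.1/jquery.min.js".
const JQUERY_SRC = /<script\b[^>]*\bsrc\s*=\s*["']([^"']*jquery[-\/.](\d+\.\d+(?:\.\d+)?)[^"']*)["']/gi;

// Collect every .html/.htm file under dir (symlinked directories are not followed).
function walk(dir, out = []) {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) walk(full, out);
    else if (/\.html?$/i.test(entry.name)) out.push(full);
  }
  return out;
}

// True when the dotted version is strictly lower than the floor.
function olderThan(version, floor) {
  const a = version.split('.').map(Number), b = floor.split('.').map(Number);
  for (let i = 0; i < 3; i++) if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  return false;
}

// Report { file, version } for each HTML file that loads jQuery below the floor.
function findBundledJquery(root, floor) {
  const findings = [];
  for (const file of walk(root)) {
    const html = fs.readFileSync(file, 'utf8');
    for (const m of html.matchAll(JQUERY_SRC)) {
      if (olderThan(m[2], floor)) findings.push({ file: path.relative(root, file), version: m[2] });
    }
  }
  return findings;
}

// Constructed sample tree: one bundled example page and one application page.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'nm-'));
  const echo = path.join(root, 'node_modules', 'sockjs', 'examples', 'echo');
  fs.mkdirSync(echo, { recursive: true });
  fs.writeFileSync(path.join(echo, 'index.html'), '<script src="http://cdn.example.invalid/jquery/1.7.1/jquery.min.js"></script>');
  fs.writeFileSync(path.join(root, 'index.html'), '<script src="/js/jquery-3.7.1.min.js"></script>');
  return root;
}

console.log(findBundledJquery(buildSampleTree(), '3.5.0')); // floor is an example policy value
```

Pointing `findBundledJquery` at a real project root shows which findings come from files shipped inside dependencies rather than from the application's own pages.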