New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Snyk vulnerability DB reporting command injection vulnerability in ShellJS #810
Comments
Dupe of #766. Known issue. If you don't use As you pointed out, I've been working on this for a bit (#524 is a demo). The goal is to provide a better alternative to |
Thank you for the response, and thanks for your work on the library. Sorry I missed the dup - I searched but didn't see it. |
Node version (or tell us if you're using electron or some other framework):
8.0.0
ShellJS version (the most recent version/Github branch you see the bug on):
0.7.8
Operating system:
Linux
Description of the bug:
Snyk reports high severity vulnerability in shelljs
Example ShellJS command to reproduce the error:
In a repository with ShellJS as a dependency:
This is related to issues 143, 495, and PR 524. Wasn't sure if the project was aware that ShellJS will break builds using vulnerability scanning in their CI workflow.
The text was updated successfully, but these errors were encountered: