top | item 45170303 (no title) epmatsw | 5 months ago Annoyingly, npm audit relies on github's advisory DB, which is currently incorrectly flagging all versions of these packages, not just the compromised ones.https://github.com/github/advisory-database/issues/6098 discuss order hn newest brycewray|5 months ago “Anatomy of a Billion-Download NPM Supply-Chain Attack”[0] suggests adding this to `package.json` for now... "overrides": { "chalk": "5.3.0", "strip-ansi": "7.1.0", "color-convert": "2.0.1", "color-name": "1.1.4", "is-core-module": "2.13.1", "error-ex": "1.3.2", "has-ansi": "5.0.1" } EDIT: This comment[1] suggests `npm audit` issue has now been resolved.[0] https://jdstaerk.substack.com/i/173095305/how-to-protect-you...[1] https://github.com/chalk/chalk/issues/656#issuecomment-32676...
brycewray|5 months ago “Anatomy of a Billion-Download NPM Supply-Chain Attack”[0] suggests adding this to `package.json` for now... "overrides": { "chalk": "5.3.0", "strip-ansi": "7.1.0", "color-convert": "2.0.1", "color-name": "1.1.4", "is-core-module": "2.13.1", "error-ex": "1.3.2", "has-ansi": "5.0.1" } EDIT: This comment[1] suggests `npm audit` issue has now been resolved.[0] https://jdstaerk.substack.com/i/173095305/how-to-protect-you...[1] https://github.com/chalk/chalk/issues/656#issuecomment-32676...
brycewray|5 months ago
[0] https://jdstaerk.substack.com/i/173095305/how-to-protect-you...
[1] https://github.com/chalk/chalk/issues/656#issuecomment-32676...