Untitled
unknown
plain_text
2 years ago
41 kB
7
Indexable
npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit No fix available for @nomicfoundation/hardhat-toolbox@*
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @nomicfoundation/hardhat-toolbox@1.0.2
npm WARN Found: @types/mocha@10.0.1
npm WARN node_modules/@types/mocha
npm WARN dev @types/mocha@"^10.0.1" from the root project
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @types/mocha@"^9.1.0" from @nomicfoundation/hardhat-toolbox@1.0.2
npm WARN node_modules/@nomicfoundation/hardhat-toolbox
npm WARN dev @nomicfoundation/hardhat-toolbox@"^1.0.2" from the root project
npm WARN
npm WARN Conflicting peer dependency: @types/mocha@9.1.1
npm WARN node_modules/@types/mocha
npm WARN peer @types/mocha@"^9.1.0" from @nomicfoundation/hardhat-toolbox@1.0.2
npm WARN node_modules/@nomicfoundation/hardhat-toolbox
npm WARN dev @nomicfoundation/hardhat-toolbox@"^1.0.2" from the root project
npm WARN deprecated uuid@2.0.1: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain
circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@2.0.1: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain
circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@2.0.1: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain
circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@2.0.1: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain
circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
added 40 packages, removed 6 packages, changed 1 package, and audited 2030 packages in 18s
183 packages are looking for funding
run `npm fund` for details
# npm audit report
async 2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/async
ganache-core *
Depends on vulnerable versions of async
Depends on vulnerable versions of web3
Depends on vulnerable versions of web3-provider-engine
node_modules/ganache-core
@ethereum-waffle/provider <=4.0.0-dev.e3fa452
Depends on vulnerable versions of ganache-core
node_modules/@ethereum-waffle/provider
@ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/@ethereum-waffle/chai
ethereum-waffle >=2.3.0-istanbul.0
Depends on vulnerable versions of @ethereum-waffle/chai
Depends on vulnerable versions of @ethereum-waffle/compiler
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/ethereum-waffle
cookiejar <2.1.4
Severity: moderate
cookiejar Regular Expression Denial of Service via Cookie.parse function - https://github.com/advisories/GHSA-h452-7996-h45h
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/cookiejar
cross-fetch <=2.2.5 || 3.0.0 - 3.1.4 || 3.2.0-alpha.0 - 3.2.0-alpha.2
Severity: high
Incorrect Authorization in cross-fetch - https://github.com/advisories/GHSA-7gc6-qh9x-w6h8
Depends on vulnerable versions of node-fetch
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/cross-fetch
decode-uri-component <0.2.1
Severity: high
decode-uri-component vulnerable to Denial of Service (DoS) - https://github.com/advisories/GHSA-w573-4hg7-7wgq
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/decode-uri-component
elliptic <6.5.4
Severity: moderate
Use of a Broken or Risky Cryptographic Algorithm - https://github.com/advisories/GHSA-r9p9-mrjm-926w
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/elliptic
@ethersproject/signing-key <=5.0.9
Depends on vulnerable versions of elliptic
node_modules/ganache-core/node_modules/@ethersproject/signing-key
flat <5.0.1
Severity: critical
flat vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-2j2x-2gpw-g8fm
No fix available
node_modules/eth-gas-reporter/node_modules/flat
yargs-unparser <=1.6.3
Depends on vulnerable versions of flat
node_modules/eth-gas-reporter/node_modules/yargs-unparser
mocha 5.1.0 - 9.2.1
Depends on vulnerable versions of minimatch
Depends on vulnerable versions of yargs-unparser
node_modules/eth-gas-reporter/node_modules/mocha
eth-gas-reporter >=0.0.5
Depends on vulnerable versions of mocha
Depends on vulnerable versions of request
node_modules/eth-gas-reporter
hardhat-gas-reporter *
Depends on vulnerable versions of eth-gas-reporter
node_modules/hardhat-gas-reporter
@nomicfoundation/hardhat-toolbox *
Depends on vulnerable versions of hardhat-gas-reporter
Depends on vulnerable versions of solidity-coverage
node_modules/@nomicfoundation/hardhat-toolbox
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
No fix available
node_modules/ganache-core/node_modules/got
node_modules/ganache-core/node_modules/swarm-js/node_modules/got
node_modules/got
swarm-js 0.1.1 - 0.1.17 || >=0.1.35
Depends on vulnerable versions of eth-lib
Depends on vulnerable versions of got
node_modules/ganache-core/node_modules/swarm-js
node_modules/swarm-js
web3-bzz *
Depends on vulnerable versions of got
Depends on vulnerable versions of swarm-js
Depends on vulnerable versions of underscore
node_modules/@truffle/interface-adapter/node_modules/web3-bzz
node_modules/ganache-core/node_modules/web3-bzz
node_modules/web3-bzz
web3 <=3.0.0-rc.4
Depends on vulnerable versions of web3-bzz
Depends on vulnerable versions of web3-bzz
Depends on vulnerable versions of web3-eth
Depends on vulnerable versions of web3-shh
node_modules/@truffle/interface-adapter/node_modules/web3
node_modules/ganache-core/node_modules/web3
node_modules/web3
@truffle/interface-adapter *
Depends on vulnerable versions of web3
node_modules/@truffle/interface-adapter
@truffle/provider *
Depends on vulnerable versions of @truffle/interface-adapter
Depends on vulnerable versions of web3
node_modules/@truffle/provider
solidity-coverage 0.7.0-beta.0 - 0.8.0-rc.test.0
Depends on vulnerable versions of @truffle/provider
node_modules/solidity-coverage
@nomicfoundation/hardhat-toolbox *
Depends on vulnerable versions of hardhat-gas-reporter
Depends on vulnerable versions of solidity-coverage
node_modules/@nomicfoundation/hardhat-toolbox
ganache-core *
Depends on vulnerable versions of async
Depends on vulnerable versions of web3
Depends on vulnerable versions of web3-provider-engine
node_modules/ganache-core
@ethereum-waffle/provider <=4.0.0-dev.e3fa452
Depends on vulnerable versions of ganache-core
node_modules/@ethereum-waffle/provider
@ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/@ethereum-waffle/chai
ethereum-waffle >=2.3.0-istanbul.0
Depends on vulnerable versions of @ethereum-waffle/chai
Depends on vulnerable versions of @ethereum-waffle/compiler
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/ethereum-waffle
http-cache-semantics <4.1.1
Severity: high
http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/http-cache-semantics
json-schema <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/ganache-core/node_modules/jsprim
json5 <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/babel-core/node_modules/json5
babel-core 5.8.20 - 7.0.0-beta.3
Depends on vulnerable versions of babel-register
Depends on vulnerable versions of json5
node_modules/ganache-core/node_modules/babel-core
babel-register *
Depends on vulnerable versions of babel-core
node_modules/ganache-core/node_modules/babel-register
babelify 7.0.0 - 7.3.0
Depends on vulnerable versions of babel-core
node_modules/ganache-core/node_modules/babelify
json-rpc-engine 2.2.0 - 4.0.0
Depends on vulnerable versions of babelify
node_modules/ganache-core/node_modules/json-rpc-engine
eth-block-tracker 2.3.0 - 3.0.1
Depends on vulnerable versions of json-rpc-engine
node_modules/ganache-core/node_modules/eth-block-tracker
web3-provider-engine *
Depends on vulnerable versions of eth-block-tracker
Depends on vulnerable versions of eth-json-rpc-infura
Depends on vulnerable versions of request
node_modules/ganache-core/node_modules/web3-provider-engine
ganache-core *
Depends on vulnerable versions of async
Depends on vulnerable versions of web3
Depends on vulnerable versions of web3-provider-engine
node_modules/ganache-core
@ethereum-waffle/provider <=4.0.0-dev.e3fa452
Depends on vulnerable versions of ganache-core
node_modules/@ethereum-waffle/provider
@ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/@ethereum-waffle/chai
ethereum-waffle >=2.3.0-istanbul.0
Depends on vulnerable versions of @ethereum-waffle/chai
Depends on vulnerable versions of @ethereum-waffle/compiler
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/ethereum-waffle
eth-json-rpc-infura <=5.0.0
Depends on vulnerable versions of eth-json-rpc-middleware
Depends on vulnerable versions of json-rpc-engine
node_modules/ganache-core/node_modules/eth-json-rpc-infura
eth-json-rpc-middleware 1.1.0 - 5.1.0
Depends on vulnerable versions of eth-tx-summary
Depends on vulnerable versions of ethereumjs-block
Depends on vulnerable versions of fetch-ponyfill
Depends on vulnerable versions of json-rpc-engine
node_modules/ganache-core/node_modules/eth-json-rpc-middleware
lodash <4.17.21
Severity: high
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/lodash
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
No fix available
node_modules/eth-gas-reporter/node_modules/minimatch
node_modules/ganache-core/node_modules/minimatch
mocha 5.1.0 - 9.2.1
Depends on vulnerable versions of minimatch
Depends on vulnerable versions of yargs-unparser
node_modules/eth-gas-reporter/node_modules/mocha
eth-gas-reporter >=0.0.5
Depends on vulnerable versions of mocha
Depends on vulnerable versions of request
node_modules/eth-gas-reporter
hardhat-gas-reporter *
Depends on vulnerable versions of eth-gas-reporter
node_modules/hardhat-gas-reporter
@nomicfoundation/hardhat-toolbox *
Depends on vulnerable versions of hardhat-gas-reporter
Depends on vulnerable versions of solidity-coverage
node_modules/@nomicfoundation/hardhat-toolbox
minimist 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/minimist
node-fetch <=2.6.6
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
The `size` option isn't honored after following a redirect in node-fetch - https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/fetch-ponyfill/node_modules/node-fetch
node_modules/ganache-core/node_modules/node-fetch
cross-fetch <=2.2.5 || 3.0.0 - 3.1.4 || 3.2.0-alpha.0 - 3.2.0-alpha.2
Depends on vulnerable versions of node-fetch
node_modules/ganache-core/node_modules/cross-fetch
fetch-ponyfill 1.0.0 - 6.0.2
Depends on vulnerable versions of node-fetch
node_modules/ganache-core/node_modules/fetch-ponyfill
eth-json-rpc-middleware 1.1.0 - 5.1.0
Depends on vulnerable versions of eth-tx-summary
Depends on vulnerable versions of ethereumjs-block
Depends on vulnerable versions of fetch-ponyfill
Depends on vulnerable versions of json-rpc-engine
node_modules/ganache-core/node_modules/eth-json-rpc-middleware
eth-json-rpc-infura <=5.0.0
Depends on vulnerable versions of eth-json-rpc-middleware
Depends on vulnerable versions of json-rpc-engine
node_modules/ganache-core/node_modules/eth-json-rpc-infura
web3-provider-engine *
Depends on vulnerable versions of eth-block-tracker
Depends on vulnerable versions of eth-json-rpc-infura
Depends on vulnerable versions of request
node_modules/ganache-core/node_modules/web3-provider-engine
ganache-core *
Depends on vulnerable versions of async
Depends on vulnerable versions of web3
Depends on vulnerable versions of web3-provider-engine
node_modules/ganache-core
@ethereum-waffle/provider <=4.0.0-dev.e3fa452
Depends on vulnerable versions of ganache-core
node_modules/@ethereum-waffle/provider
@ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/@ethereum-waffle/chai
ethereum-waffle >=2.3.0-istanbul.0
Depends on vulnerable versions of @ethereum-waffle/chai
Depends on vulnerable versions of @ethereum-waffle/compiler
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/ethereum-waffle
normalize-url 4.3.0 - 4.5.0
Severity: high
ReDoS in normalize-url - https://github.com/advisories/GHSA-px4h-xg32-q955
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/normalize-url
path-parse <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/path-parse
qs 6.5.0 - 6.5.2 || 6.7.0 - 6.7.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/body-parser/node_modules/qs
node_modules/ganache-core/node_modules/express/node_modules/qs
node_modules/ganache-core/node_modules/qs
body-parser 1.19.0
Depends on vulnerable versions of qs
node_modules/ganache-core/node_modules/body-parser
express 4.17.0 - 4.17.1 || 5.0.0-alpha.1 - 5.0.0-alpha.8
Depends on vulnerable versions of qs
node_modules/ganache-core/node_modules/express
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/ganache-core/node_modules/request
node_modules/request
@resolver-engine/core *
Depends on vulnerable versions of request
node_modules/@resolver-engine/core
@resolver-engine/fs *
Depends on vulnerable versions of @resolver-engine/core
node_modules/@resolver-engine/fs
@resolver-engine/imports *
Depends on vulnerable versions of @resolver-engine/core
node_modules/@resolver-engine/imports
@ethereum-waffle/compiler *
Depends on vulnerable versions of @resolver-engine/imports
node_modules/@ethereum-waffle/compiler
ethereum-waffle >=2.3.0-istanbul.0
Depends on vulnerable versions of @ethereum-waffle/chai
Depends on vulnerable versions of @ethereum-waffle/compiler
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/ethereum-waffle
@resolver-engine/imports-fs *
Depends on vulnerable versions of @resolver-engine/imports
node_modules/@resolver-engine/imports-fs
eth-gas-reporter >=0.0.5
Depends on vulnerable versions of mocha
Depends on vulnerable versions of request
node_modules/eth-gas-reporter
hardhat-gas-reporter *
Depends on vulnerable versions of eth-gas-reporter
node_modules/hardhat-gas-reporter
@nomicfoundation/hardhat-toolbox *
Depends on vulnerable versions of hardhat-gas-reporter
Depends on vulnerable versions of solidity-coverage
node_modules/@nomicfoundation/hardhat-toolbox
request-promise-core *
Depends on vulnerable versions of request
node_modules/request-promise-core
request-promise-native >=1.0.0
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-core
Depends on vulnerable versions of tough-cookie
node_modules/request-promise-native
servify *
Depends on vulnerable versions of request
node_modules/ganache-core/node_modules/servify
node_modules/servify
eth-lib 0.1.24 - 0.1.29
Depends on vulnerable versions of servify
node_modules/eth-lib
node_modules/ganache-core/node_modules/eth-lib
swarm-js 0.1.1 - 0.1.17 || >=0.1.35
Depends on vulnerable versions of eth-lib
Depends on vulnerable versions of got
node_modules/ganache-core/node_modules/swarm-js
node_modules/swarm-js
web3-bzz *
Depends on vulnerable versions of got
Depends on vulnerable versions of swarm-js
Depends on vulnerable versions of underscore
node_modules/@truffle/interface-adapter/node_modules/web3-bzz
node_modules/ganache-core/node_modules/web3-bzz
node_modules/web3-bzz
web3 <=3.0.0-rc.4
Depends on vulnerable versions of web3-bzz
Depends on vulnerable versions of web3-bzz
Depends on vulnerable versions of web3-eth
Depends on vulnerable versions of web3-shh
node_modules/@truffle/interface-adapter/node_modules/web3
node_modules/ganache-core/node_modules/web3
node_modules/web3
@truffle/interface-adapter *
Depends on vulnerable versions of web3
node_modules/@truffle/interface-adapter
@truffle/provider *
Depends on vulnerable versions of @truffle/interface-adapter
Depends on vulnerable versions of web3
node_modules/@truffle/provider
solidity-coverage 0.7.0-beta.0 - 0.8.0-rc.test.0
Depends on vulnerable versions of @truffle/provider
node_modules/solidity-coverage
ganache-core *
Depends on vulnerable versions of async
Depends on vulnerable versions of web3
Depends on vulnerable versions of web3-provider-engine
node_modules/ganache-core
@ethereum-waffle/provider <=4.0.0-dev.e3fa452
Depends on vulnerable versions of ganache-core
node_modules/@ethereum-waffle/provider
@ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/@ethereum-waffle/chai
web3-provider-engine *
Depends on vulnerable versions of eth-block-tracker
Depends on vulnerable versions of eth-json-rpc-infura
Depends on vulnerable versions of request
node_modules/ganache-core/node_modules/web3-provider-engine
semver <5.7.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/babel-preset-env/node_modules/semver
node_modules/ganache-core/node_modules/eth-json-rpc-middleware/node_modules/semver
node_modules/ganache-core/node_modules/eth-tx-summary/node_modules/semver
node_modules/ganache-core/node_modules/ethereumjs-block/node_modules/semver
node_modules/ganache-core/node_modules/ethereumjs-vm/node_modules/semver
node_modules/ganache-core/node_modules/patch-package/node_modules/semver
node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/semver
levelup 0.9.0 - 1.3.9
Depends on vulnerable versions of semver
node_modules/ganache-core/node_modules/eth-json-rpc-middleware/node_modules/levelup
node_modules/ganache-core/node_modules/eth-tx-summary/node_modules/levelup
node_modules/ganache-core/node_modules/ethereumjs-block/node_modules/levelup
node_modules/ganache-core/node_modules/ethereumjs-vm/node_modules/levelup
node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/levelup
merkle-patricia-tree 0.1.22 - 2.3.2
Depends on vulnerable versions of levelup
node_modules/ganache-core/node_modules/eth-json-rpc-middleware/node_modules/merkle-patricia-tree
node_modules/ganache-core/node_modules/eth-tx-summary/node_modules/merkle-patricia-tree
node_modules/ganache-core/node_modules/ethereumjs-block/node_modules/merkle-patricia-tree
node_modules/ganache-core/node_modules/ethereumjs-vm/node_modules/merkle-patricia-tree
node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/merkle-patricia-tree
ethereumjs-block >=0.0.3
Depends on vulnerable versions of merkle-patricia-tree
node_modules/ganache-core/node_modules/eth-json-rpc-middleware/node_modules/ethereumjs-block
node_modules/ganache-core/node_modules/eth-json-rpc-middleware/node_modules/ethereumjs-vm/node_modules/ethereumjs-block
node_modules/ganache-core/node_modules/eth-tx-summary/node_modules/ethereumjs-block
node_modules/ganache-core/node_modules/eth-tx-summary/node_modules/ethereumjs-vm/node_modules/ethereumjs-block
node_modules/ganache-core/node_modules/ethereumjs-block
node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/ethereumjs-block
node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/ethereumjs-vm/node_modules/ethereumjs-block
eth-json-rpc-middleware 1.1.0 - 5.1.0
Depends on vulnerable versions of eth-tx-summary
Depends on vulnerable versions of ethereumjs-block
Depends on vulnerable versions of fetch-ponyfill
Depends on vulnerable versions of json-rpc-engine
node_modules/ganache-core/node_modules/eth-json-rpc-middleware
eth-json-rpc-infura <=5.0.0
Depends on vulnerable versions of eth-json-rpc-middleware
Depends on vulnerable versions of json-rpc-engine
node_modules/ganache-core/node_modules/eth-json-rpc-infura
web3-provider-engine *
Depends on vulnerable versions of eth-block-tracker
Depends on vulnerable versions of eth-json-rpc-infura
Depends on vulnerable versions of request
node_modules/ganache-core/node_modules/web3-provider-engine
ganache-core *
Depends on vulnerable versions of async
Depends on vulnerable versions of web3
Depends on vulnerable versions of web3-provider-engine
node_modules/ganache-core
@ethereum-waffle/provider <=4.0.0-dev.e3fa452
Depends on vulnerable versions of ganache-core
node_modules/@ethereum-waffle/provider
@ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/@ethereum-waffle/chai
ethereum-waffle >=2.3.0-istanbul.0
Depends on vulnerable versions of @ethereum-waffle/chai
Depends on vulnerable versions of @ethereum-waffle/compiler
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/ethereum-waffle
eth-tx-summary *
Depends on vulnerable versions of ethereumjs-block
node_modules/ganache-core/node_modules/eth-tx-summary
ethereumjs-blockchain *
Depends on vulnerable versions of ethereumjs-block
node_modules/ganache-core/node_modules/ethereumjs-blockchain
ethereumjs-vm >=0.1.1
Depends on vulnerable versions of ethereumjs-block
Depends on vulnerable versions of ethereumjs-blockchain
Depends on vulnerable versions of merkle-patricia-tree
node_modules/ganache-core/node_modules/eth-json-rpc-middleware/node_modules/ethereumjs-vm
node_modules/ganache-core/node_modules/eth-tx-summary/node_modules/ethereumjs-vm
node_modules/ganache-core/node_modules/ethereumjs-vm
node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/ethereumjs-vm
simple-get <2.8.2
Severity: high
Exposure of Sensitive Information in simple-get - https://github.com/advisories/GHSA-wpg7-2c88-r8xv
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/simple-get
tar <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/tar
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/ganache-core/node_modules/tough-cookie
node_modules/tough-cookie
request *
Depends on vulnerable versions of tough-cookie
node_modules/ganache-core/node_modules/request
node_modules/request
@resolver-engine/core *
Depends on vulnerable versions of request
node_modules/@resolver-engine/core
@resolver-engine/fs *
Depends on vulnerable versions of @resolver-engine/core
node_modules/@resolver-engine/fs
@resolver-engine/imports *
Depends on vulnerable versions of @resolver-engine/core
node_modules/@resolver-engine/imports
@ethereum-waffle/compiler *
Depends on vulnerable versions of @resolver-engine/imports
node_modules/@ethereum-waffle/compiler
ethereum-waffle >=2.3.0-istanbul.0
Depends on vulnerable versions of @ethereum-waffle/chai
Depends on vulnerable versions of @ethereum-waffle/compiler
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/ethereum-waffle
@resolver-engine/imports-fs *
Depends on vulnerable versions of @resolver-engine/imports
node_modules/@resolver-engine/imports-fs
eth-gas-reporter >=0.0.5
Depends on vulnerable versions of mocha
Depends on vulnerable versions of request
node_modules/eth-gas-reporter
hardhat-gas-reporter *
Depends on vulnerable versions of eth-gas-reporter
node_modules/hardhat-gas-reporter
@nomicfoundation/hardhat-toolbox *
Depends on vulnerable versions of hardhat-gas-reporter
Depends on vulnerable versions of solidity-coverage
node_modules/@nomicfoundation/hardhat-toolbox
request-promise-core *
Depends on vulnerable versions of request
node_modules/request-promise-core
request-promise-native >=1.0.0
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-core
Depends on vulnerable versions of tough-cookie
node_modules/request-promise-native
servify *
Depends on vulnerable versions of request
node_modules/ganache-core/node_modules/servify
node_modules/servify
eth-lib 0.1.24 - 0.1.29
Depends on vulnerable versions of servify
node_modules/eth-lib
node_modules/ganache-core/node_modules/eth-lib
swarm-js 0.1.1 - 0.1.17 || >=0.1.35
Depends on vulnerable versions of eth-lib
Depends on vulnerable versions of got
node_modules/ganache-core/node_modules/swarm-js
node_modules/swarm-js
web3-bzz *
Depends on vulnerable versions of got
Depends on vulnerable versions of swarm-js
Depends on vulnerable versions of underscore
node_modules/@truffle/interface-adapter/node_modules/web3-bzz
node_modules/ganache-core/node_modules/web3-bzz
node_modules/web3-bzz
web3 <=3.0.0-rc.4
Depends on vulnerable versions of web3-bzz
Depends on vulnerable versions of web3-bzz
Depends on vulnerable versions of web3-eth
Depends on vulnerable versions of web3-shh
node_modules/@truffle/interface-adapter/node_modules/web3
node_modules/ganache-core/node_modules/web3
node_modules/web3
@truffle/interface-adapter *
Depends on vulnerable versions of web3
node_modules/@truffle/interface-adapter
@truffle/provider *
Depends on vulnerable versions of @truffle/interface-adapter
Depends on vulnerable versions of web3
node_modules/@truffle/provider
solidity-coverage 0.7.0-beta.0 - 0.8.0-rc.test.0
Depends on vulnerable versions of @truffle/provider
node_modules/solidity-coverage
ganache-core *
Depends on vulnerable versions of async
Depends on vulnerable versions of web3
Depends on vulnerable versions of web3-provider-engine
node_modules/ganache-core
@ethereum-waffle/provider <=4.0.0-dev.e3fa452
Depends on vulnerable versions of ganache-core
node_modules/@ethereum-waffle/provider
@ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/@ethereum-waffle/chai
web3-provider-engine *
Depends on vulnerable versions of eth-block-tracker
Depends on vulnerable versions of eth-json-rpc-infura
Depends on vulnerable versions of request
node_modules/ganache-core/node_modules/web3-provider-engine
underscore 1.3.2 - 1.12.0
Severity: critical
Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
No fix available
node_modules/ganache-core/node_modules/underscore
web3-bzz *
Depends on vulnerable versions of got
Depends on vulnerable versions of swarm-js
Depends on vulnerable versions of underscore
node_modules/@truffle/interface-adapter/node_modules/web3-bzz
node_modules/ganache-core/node_modules/web3-bzz
node_modules/web3-bzz
web3 <=3.0.0-rc.4
Depends on vulnerable versions of web3-bzz
Depends on vulnerable versions of web3-bzz
Depends on vulnerable versions of web3-eth
Depends on vulnerable versions of web3-shh
node_modules/@truffle/interface-adapter/node_modules/web3
node_modules/ganache-core/node_modules/web3
node_modules/web3
@truffle/interface-adapter *
Depends on vulnerable versions of web3
node_modules/@truffle/interface-adapter
@truffle/provider *
Depends on vulnerable versions of @truffle/interface-adapter
Depends on vulnerable versions of web3
node_modules/@truffle/provider
solidity-coverage 0.7.0-beta.0 - 0.8.0-rc.test.0
Depends on vulnerable versions of @truffle/provider
node_modules/solidity-coverage
@nomicfoundation/hardhat-toolbox *
Depends on vulnerable versions of hardhat-gas-reporter
Depends on vulnerable versions of solidity-coverage
node_modules/@nomicfoundation/hardhat-toolbox
ganache-core *
Depends on vulnerable versions of async
Depends on vulnerable versions of web3
Depends on vulnerable versions of web3-provider-engine
node_modules/ganache-core
@ethereum-waffle/provider <=4.0.0-dev.e3fa452
Depends on vulnerable versions of ganache-core
node_modules/@ethereum-waffle/provider
@ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/@ethereum-waffle/chai
ethereum-waffle >=2.3.0-istanbul.0
Depends on vulnerable versions of @ethereum-waffle/chai
Depends on vulnerable versions of @ethereum-waffle/compiler
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/ethereum-waffle
web3-core-helpers <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4
Depends on vulnerable versions of underscore
Depends on vulnerable versions of web3-utils
node_modules/ganache-core/node_modules/web3-core-helpers
web3-core <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4
Depends on vulnerable versions of web3-core-helpers
node_modules/ganache-core/node_modules/web3-core
web3-eth-ens <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4
Depends on vulnerable versions of underscore
Depends on vulnerable versions of web3-core
Depends on vulnerable versions of web3-core-helpers
node_modules/ganache-core/node_modules/web3-eth-ens
web3-eth <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4
Depends on vulnerable versions of underscore
Depends on vulnerable versions of web3-core-helpers
Depends on vulnerable versions of web3-eth-ens
node_modules/ganache-core/node_modules/web3-eth
web3-core-method <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4
Depends on vulnerable versions of underscore
Depends on vulnerable versions of web3-core-helpers
node_modules/ganache-core/node_modules/web3-core-method
web3-net 1.2.0 - 1.3.5 || 2.0.0-alpha - 3.0.0-rc.4
Depends on vulnerable versions of web3-core-method
node_modules/ganache-core/node_modules/web3-net
web3-eth-personal <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4
Depends on vulnerable versions of web3-core-helpers
Depends on vulnerable versions of web3-net
node_modules/ganache-core/node_modules/web3-eth-personal
web3-shh <=1.3.5
Depends on vulnerable versions of web3-core-method
Depends on vulnerable versions of web3-net
node_modules/ganache-core/node_modules/web3-shh
web3-core-subscriptions <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4
Depends on vulnerable versions of underscore
Depends on vulnerable versions of web3-core-helpers
node_modules/ganache-core/node_modules/web3-core-subscriptions
web3-eth-contract <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4
Depends on vulnerable versions of underscore
Depends on vulnerable versions of web3-core-helpers
node_modules/ganache-core/node_modules/web3-eth-contract
web3-providers-http <=1.0.0 || 1.2.0 - 1.3.5 || 3.0.0-rc.0 - 3.0.0-rc.4
Depends on vulnerable versions of web3-core-helpers
node_modules/ganache-core/node_modules/web3-providers-http
web3-providers-ipc <=1.3.6-rc.2 || 3.0.0-rc.0 - 3.0.0-rc.5
Depends on vulnerable versions of underscore
Depends on vulnerable versions of web3-core-helpers
node_modules/ganache-core/node_modules/web3-providers-ipc
web3-providers-ws <=1.3.6-rc.2 || 3.0.0-rc.0 - 3.0.0-rc.4
Depends on vulnerable versions of underscore
Depends on vulnerable versions of web3-core-helpers
node_modules/ganache-core/node_modules/web3-providers-ws
web3-core-requestmanager <=1.3.5 || 3.0.0-rc.0 - 3.0.0-rc.4
Depends on vulnerable versions of underscore
node_modules/ganache-core/node_modules/web3-core-requestmanager
web3-eth-abi <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4
Depends on vulnerable versions of underscore
Depends on vulnerable versions of web3-utils
node_modules/ganache-core/node_modules/web3-eth-abi
web3-eth-accounts <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4
Depends on vulnerable versions of underscore
node_modules/ganache-core/node_modules/web3-eth-accounts
web3-utils 1.0.0-beta.8 - 1.3.5 || 2.0.0-alpha - 3.0.0-rc.4
Depends on vulnerable versions of underscore
node_modules/ganache-core/node_modules/web3-utils
web3-eth-iban <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4
Depends on vulnerable versions of web3-utils
node_modules/ganache-core/node_modules/web3-eth-iban
web3 <=3.0.0-rc.4
Severity: critical
Insecure Credential Storage in web3 - https://github.com/advisories/GHSA-27v7-qhfv-rqq8
Depends on vulnerable versions of web3-bzz
Depends on vulnerable versions of web3-bzz
Depends on vulnerable versions of web3-eth
Depends on vulnerable versions of web3-shh
No fix available
node_modules/@truffle/interface-adapter/node_modules/web3
node_modules/ganache-core/node_modules/web3
node_modules/web3
@truffle/interface-adapter *
Depends on vulnerable versions of web3
node_modules/@truffle/interface-adapter
@truffle/provider *
Depends on vulnerable versions of @truffle/interface-adapter
Depends on vulnerable versions of web3
node_modules/@truffle/provider
solidity-coverage 0.7.0-beta.0 - 0.8.0-rc.test.0
Depends on vulnerable versions of @truffle/provider
node_modules/solidity-coverage
@nomicfoundation/hardhat-toolbox *
Depends on vulnerable versions of hardhat-gas-reporter
Depends on vulnerable versions of solidity-coverage
node_modules/@nomicfoundation/hardhat-toolbox
ganache-core *
Depends on vulnerable versions of async
Depends on vulnerable versions of web3
Depends on vulnerable versions of web3-provider-engine
node_modules/ganache-core
@ethereum-waffle/provider <=4.0.0-dev.e3fa452
Depends on vulnerable versions of ganache-core
node_modules/@ethereum-waffle/provider
@ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/@ethereum-waffle/chai
ethereum-waffle >=2.3.0-istanbul.0
Depends on vulnerable versions of @ethereum-waffle/chai
Depends on vulnerable versions of @ethereum-waffle/compiler
Depends on vulnerable versions of @ethereum-waffle/provider
node_modules/ethereum-waffle
ws 5.0.0 - 5.2.2
Severity: moderate
ReDoS in Sec-Websocket-Protocol header - https://github.com/advisories/GHSA-6fc8-4gx4-v693
fix available via `npm audit fix`
node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/ws
85 vulnerabilities (2 low, 31 moderate, 25 high, 27 critical)
To address issues that do not require attention, run:
npm audit fix
Some issues need review, and may require choosing
a different dependency.Editor is loading...