How to resolve items found with Node Security Platform (nsp)


#1

Anyone know the method on how to resolve items found with Node Security Platform (nsp)?

I’ve figured out how to use nsp to check my code in an npm script. But how do you resolve issues when you find them with a dependent package of a key package you are using?

Example: running an nsp security check on my code, I find that a dependent package for lodash has a vulnerability. How does one go about resolving this kind of thing?

Thanks,
Ron


#2

It’s not up to you to upgrade nested dependencies. It’s up to the project maintainers. NSP will give you remediation options.

Lodash: prototype pollution
https://nodesecurity.io/advisories/577