This repository was archived by the owner on May 15, 2025. It is now read-only.
Npm audit security report shows marked library security vulnerability #101
Open
Description
The result of running the npm audit command on any of my hundreds of components:
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ marked │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.6.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @polymer/iron-component-page [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @polymer/iron-component-page > @polymer/iron-doc-viewer > │
│ │ @polymer/marked-element > marked │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/812 │
└───────────────┴──────────────────────────────────────────────────────────────┘
I also use this element directly, not only through iron-component-page.
I tried to fork the repo and upgrade the version, but the tests fail. I am not sure what the intention was, so I will leave it up to you to fix this. I hope it can be fixed, as my security team will definitely notice the alerts very soon :)