Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

JavaScript User Authentication With Express and Mongo User Registration Storing Passwords Securely

Bcrypt Low Severity Vulnerability

I installed bcrypt locally and it found 1 low severity vulnerability due to the deep-extend module.

One of the github contributors said this: "Although the issue is rated as moderate, it is rated as low for us, as we do not use the module in run-time. Even the module is not invoked while installing from npm."

Can anyone tell me if I need to fix this, and how I would fix this?

I get the impression that it can be fixed by patching to version 5.1 or later, but I tried running npm outdated and nothing came up as requiring update. I'm not sure how else I could update it. I also couldn't see deep-extend listed as a dependency in bcrypt's package.json.... So I'm really confused!

1 Answer

HIDAYATULLAH ARGHANDABI
HIDAYATULLAH ARGHANDABI
21,017 Points

there might an update have arrive for that issue run

npm update

to update the packages or you may want to update only the bcrypt package