Versions of default-deep before 0.2.4 are vulnerable to prototype pollution
Recommendation
Update to version 0.2.4 or later.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-3723
https://hackerone.com/reports/310514
https://github.com/advisories/G…
Affected versions of slug are vulnerable to a regular expression denial of service when parsing untrusted user input.
The issue is low severity, as it takes 50,000 characters to cause the event loop to block for 2 seconds,
About 50k characters can bloc…
Version 3.7.2 of eslint-scope was published without authorization and was found to contain malicious code. This code would read the users .npmrc file and send any found authentication tokens to 2 remote servers.
Recommendation
The best course of action…
