Created
January 20, 2015 18:58
diasdavid 2 hours ago
Yo @alanshaw !
around?
you did something well (again :grinning:) that we are missing in our nsp tool
https://david-dm.org/nodesecurity/nodesecurity-blog you identify and very well vulnerabilities on our blog app
but the nsp tool is skipping that
alanshaw 2 hours ago
ha!
diasdavid 2 hours ago
I’m thinking it is related with the ‘ranges search’ you talked and made possible, which means we are not doing well enough, would you like to share some of that wisdom ? :smile:
alanshaw 2 hours ago
david-dm is all over it
it’s no magic
david gets version numbers for a package from npm
filters them by the range you have in your package.json
alanshaw 2 hours ago
and then if any of those semver.satisfies the vulnerable versions range then you’re vulnerable
diasdavid 2 hours ago
I see, I’m realizing that this might be nodesecurity api issue, because shrinkwraps fail as well
need to update that on the www
once again, awesome work on david :smile:
alanshaw 2 hours ago
hey no problem
david’s unite!
diasdavid 2 hours ago
ahah :grinning: