This repository was archived by the owner on May 1, 2020. It is now read-only.
This repository was archived by the owner on May 1, 2020. It is now read-only.
node-sass Denial of Service #1544
Description
Note: for support questions, please use one of these channels:
https://forum.ionicframework.com/
http://ionicworldwide.herokuapp.com/
Short description of the problem:
Vulnerability warning during npm audit for an @ionic/app-scripts dependency requirement of node-sass
What behavior are you expecting?
an available patch or replacement of the dependency requirement containing vulnerabilities
Steps to reproduce:
- Create an Ionic Angular application with a dev dependency of "@ionic/app-scripts": "3.1.8"
- Run npm audit
insert any relevant code between the above and below backticks
Here's the message from npm audit:
`Low Denial of Service
Package node-sass
Patched in No patch available
Dependency of @ionic/app-scripts [dev]
Path @ionic/app-scripts > node-sass
More info https://nodesecurity.io/advisories/961`
**Which @ionic/app-scripts version are you using?**
"@ionic/app-scripts": "3.1.8"
**Other information:** (e.g. stacktraces, related issues, suggestions how to fix, stackoverflow links, forum links, etc)
We run "npm audit" as part of our build process so the project won't complete the build unless this vulnerability is resolved. Any suggestions on a work around? Can node-sass be replaced as a dependency of @ionic/app-scripts? Any suggestions are greatly appreciated.