Topic: vue3-perfect-scrollbar Security Vulnerability
Expected behavior
No security vulnerabilities reported in npm install.
Actual behavior
There is an issue with postcss-import and importing comments that could be malicious.
Resources (screenshots, code snippets etc.)
https://github.com/mercs600/vue3-perfect-scrollbar -> fork of vue3-perfect-scrollbar with updated dependencies
https://github.com/mercs600/vue3-perfect-scrollbar/issues/26 -> github issue reported in main repo
Bartosz Cylwik staff answered 10 months ago
Hi! The repository you have linked is not ours.
mdb-vue-ui-kit includes a component that utilizes perfect-scrollbar. You can find it here: https://mdbootstrap.com/docs/vue/methods/scrollbar/
jammerxd2 pro premium priority commented 10 months ago
I get that; however, your component uses that dependent package, which contains a vulnerability. And it seems that the developer has abandoned the project, as there hasn't been an update to it in some time.
Bartosz Cylwik staff commented 10 months ago
You are right, I'll add this to our list to decide what to do with this issue. Thank you for letting us know.
jammerxd2 pro premium priority commented 10 months ago
Looks like the package maintainer finally made the update.
Bartosz Cylwik staff commented 10 months ago
Thanks, we'll check it out!
Answered
- User: Pro
- Premium support: No
- Technology: MDB Vue
- MDB Version: MDB5 4.1.1
- Device: PC
- Browser: Any
- OS: Windows 11
- Provided sample code: No
- Provided link: Yes