Topic: vue3-perfect-scrollbar Security Vulnerability
jammerxd2 priority asked 8 months ago
Expected behavior
no security vulnerabilities reported in npm install
Actual behavior
There is an issue with postcss-import and importing comments that could be malicious.
Resources (screenshots, code snippets etc.)
https://github.com/mercs600/vue3-perfect-scrollbar -> fork of vue3-perfect-scrollbar with updated dependencies
https://github.com/mercs600/vue3-perfect-scrollbar/issues/26 -> github issue reported in main repo
Bartosz Cylwik staff answered 8 months ago
Hi! The repository you have linked is not ours.
mdb-vue-ui-kit
includes a component that utilizes perfect-scrollbar. You can find it here:
https://mdbootstrap.com/docs/vue/methods/scrollbar/
jammerxd2 priority commented 7 months ago
I get that however, your component uses that dependent package which contains a vulnerability. And it seems that developer has abandoned the project as there hasn't been an update to it in some time.
Bartosz Cylwik staff commented 7 months ago
You are right, I'll add this to our list to decide what to do with this issue. Thank you for letting us know
jammerxd2 priority commented 7 months ago
Looks like the package maintainer finally made the update.
Bartosz Cylwik staff commented 7 months ago
Thanks, well check it out!
FREE CONSULTATION
Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.
Answered
- ForumUser: Priority
- Premium support: Yes
- Technology: MDB Vue
- MDB Version: MDB5 4.1.1
- Device: PC
- Browser: Any
- OS: Windows 11
- Provided sample code: No
- Provided link: Yes