Topic: vue3-perfect-scrollbar Security Vulnerability

jammerxd2 priority asked 4 months ago

Expected behavior

no security vulnerabilities reported in npm install

Actual behavior

There is an issue with postcss-import and importing comments that could be malicious.

Resources (screenshots, code snippets etc.) -> fork of vue3-perfect-scrollbar with updated dependencies -> github issue reported in main repo

Bartosz Cylwik staff answered 4 months ago

Hi! The repository you have linked is not ours.

mdb-vue-ui-kit includes a component that utilizes perfect-scrollbar. You can find it here:

jammerxd2 priority commented 3 months ago

I get that; however, your component uses that dependent package, which contains a vulnerability. And it seems that developer has abandoned the project, as there hasn't been an update to it in some time.

Bartosz Cylwik staff commented 3 months ago

You are right, I'll add this to our list to decide what to do with this issue. Thank you for letting us know.

jammerxd2 priority commented 3 months ago

Looks like the package maintainer finally made the update.

Bartosz Cylwik staff commented 3 months ago

Thanks, we'll check it out!


Specification of the issue

  • ForumUser: Priority
  • Premium support: Yes
  • Technology: MDB Vue
  • MDB Version: MDB5 4.1.1
  • Device: PC
  • Browser: Any
  • OS: Windows 11
  • Provided sample code: No
  • Provided link: Yes