Topic: vue3-perfect-scrollbar Security Vulnerability

jammerxd2 priority asked 4 months ago


Expected behavior

no security vulnerabilities reported in npm install

Actual behavior

There is an issue with postcss-import and importing comments that could be malicious.

Resources (screenshots, code snippets etc.)

https://github.com/mercs600/vue3-perfect-scrollbar -> fork of vue3-perfect-scrollbar with updated dependencies

https://github.com/mercs600/vue3-perfect-scrollbar/issues/26 -> github issue reported in main repo


Bartosz Cylwik staff answered 4 months ago


Hi! The repository you have linked is not ours.

mdb-vue-ui-kit includes a component that utilizes perfect-scrollbar. You can find it here:

https://mdbootstrap.com/docs/vue/methods/scrollbar/


jammerxd2 priority commented 3 months ago

I get that however, your component uses that dependent package which contains a vulnerability. And it seems that developer has abandoned the project as there hasn't been an update to it in some time.


Bartosz Cylwik staff commented 3 months ago

You are right, I'll add this to our list to decide what to do with this issue. Thank you for letting us know


jammerxd2 priority commented 3 months ago

Looks like the package maintainer finally made the update.


Bartosz Cylwik staff commented 3 months ago

Thanks, well check it out!



Please insert min. 20 characters.

FREE CONSULTATION

Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.

Status

Answered

Specification of the issue

  • ForumUser: Priority
  • Premium support: Yes
  • Technology: MDB Vue
  • MDB Version: MDB5 4.1.1
  • Device: PC
  • Browser: Any
  • OS: Windows 11
  • Provided sample code: No
  • Provided link: Yes