NSP check is reporting vulnerability on latest Webpack package.

[webpack-bot]

Do you want to request a feature or report a bug?

What is the current behavior?

If the current behavior is a bug, please provide the steps to reproduce.

What is the expected behavior?

If this is a feature request, what is motivation or use case for changing the behavior?

Please mention other relevant information such as the browser version, Node.js version, webpack version, and Operating System.

Just executed the nsp check command on my project and it is reporting a vulnerability on latest webpack package due to a downstream dependency on the module hoek.
Please refer the link from node security: https://nodesecurity.io/advisories/566

Path: webpack >> watchpack@1.4.0>>chokidar@1.7.0>>fsevents@1.1.3>>node-pre-gyp@0.6.39>>hawk>>hoek

---

This issue was moved from webpack/webpack#6513 by @evilebottnawi. Orginal issue was by @sneharghya.

[evenstensberg]

mozilla/hawk#234

[EugeneHlushko]

in that case it can be closed? @ev1stensberg

[evenstensberg]

That's not for me to decide

[realityking]

The problem is that fsevents bundles node-pre-gyp. See fsevents/fsevents#187 for details.

[stoikerty]

Is there an update on this by any chance?

Looks like the issue in fsevents has been resolved in v1.2.0
fsevents/fsevents#187 (comment)

fsevents has been updated to v1.2.2 just 18hrs ago

[alexander-akait]

@stoikerty hm, why don't update npm/yarn lock files?

[lysla]

Any news about this issue? Just started a new repo with fresh webpack setup and github is notifying me with the vulnerability issue on Hoek v2.16.3 in package lock dependencies. Should I just ignore it at the moment?

[evenstensberg]

Could you try to open an issue at the Hawk repository?

[alexander-akait]

@lysla looks you use webpack global and should reinstall, issue was fixed, just update you deps and lock files (also update webpack globally if you install globally)

[lysla]

@evilebottnawi i did not install webpack globally, i installed it in the local directory of a new project, was a fresh install. i will try to update (?) as in uninstall - re-install...

[alexander-akait]

@lysla yes, we every day install and reinstall webpack and no problem, also can you provide webpack version?