Bla Bla

What we do

Let's intentionally add a toxic dependency to our dependencies and then see how Mend handles this.

Try adding at two levels:

root-level package.json
sub-project package.json

Toxic modules to play with

"vm2": "^3.9.15",
"minimist": "1.2.3",
"handlebars": "4.7.3"

The candidates should:

... have a critical-level vulnerability
... this vulnerability should have a known fox
... this fix library should have the same major version as the vulnerable one

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
doc		doc
packages		packages
removed.husky		removed.husky
.gitattributes		.gitattributes
.gitignore		.gitignore
.gitlab-ci.yml		.gitlab-ci.yml
.npmrc		.npmrc
LICENSE.md		LICENSE.md
README.md		README.md
nx.json		nx.json
package.json		package.json
yarn.lock		yarn.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

doc

doc

packages

packages

removed.husky

removed.husky

.gitattributes

.gitattributes

.gitignore

.gitignore

.gitlab-ci.yml

.gitlab-ci.yml

.npmrc

.npmrc

LICENSE.md

LICENSE.md

README.md

README.md

nx.json

nx.json

package.json

package.json

yarn.lock

yarn.lock

Repository files navigation

Bla Bla

What we do

Toxic modules to play with

About

Releases

Packages

Contributors 3

Languages

License

samq-research/sis-yarnworkspace

Folders and files

Latest commit

History

Repository files navigation

Bla Bla

What we do

Toxic modules to play with

About

Resources

License

Stars

Watchers

Forks

Languages