Resolve npm package vulnerabilities #2607

Description

@lhw-1

Please confirm that you have searched existing issues in the repo

Yes, I have searched the existing issues

Any related issues?

No response

What is the area that this feature belongs to?

DevOps, Security, CLI

Is your feature request related to a problem? Please describe.

Currently, there are several npm vulnerabilities being reported for MarkBind.

While some warnings are not directly relevant to MarkBind and can be of a lower priority, it is still better to resolve some of these before they potentially snowball.

Describe the solution you'd like

The npm package manager advises running npm audit fix to automatically fix some of the vulnerabilities, but I am uncertain that this will allow us to resolve the issues properly (e.g. if the solutions suggested go against what we are planning, or if the solutions suggested are to directly upgrade packages we are maintaining for other reasons).

Ideally, we should go through the list and resolve the vulnerabilities individually (or even assess whether these are relevant or not). Any suggestions on better approaches are welcome!

Describe alternatives you've considered

No response

Additional context

No response
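
A triage pass over `npm audit --json` output that supports the individual review proposed in this issue (an added example, not part of the original issue or MarkBind's code). The sample report, package names and `pinned` list are constructed; the field names follow the npm 7+ audit report format.

```javascript
// Constructed sample shaped like `npm audit --json` output (auditReportVersion 2).
// Package names are hypothetical, not taken from MarkBind's actual report.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": { name: "example-parser", severity: "high", isDirect: true,
      via: [{ title: "ReDoS in example-parser" }], fixAvailable: true },
    "example-renderer": { name: "example-renderer", severity: "moderate", isDirect: true,
      via: ["example-sanitizer"],
      fixAvailable: { name: "example-renderer", version: "3.0.0", isSemVerMajor: true } },
    "example-sanitizer": { name: "example-sanitizer", severity: "moderate", isDirect: false,
      via: [{ title: "XSS in example-sanitizer" }],
      fixAvailable: { name: "example-renderer", version: "3.0.0", isSemVerMajor: true } },
    "example-legacy": { name: "example-legacy", severity: "low", isDirect: false,
      via: [{ title: "Prototype pollution in example-legacy" }], fixAvailable: false },
  },
};

const RANK = { critical: 0, high: 1, moderate: 2, low: 3, info: 4 };

// `pinned` (hypothetical): packages the team holds at a version on purpose.
function triage(report, pinned = []) {
  const buckets = { autoFix: [], needsReview: [], noFix: [] };
  for (const v of Object.values(report.vulnerabilities || {})) {
    const fix = v.fixAvailable;
    // Object entries in `via` are advisories; strings name another vulnerable package.
    const advisories = (v.via || []).filter((x) => typeof x === "object").map((x) => x.title);
    const entry = { name: v.name, severity: v.severity, direct: v.isDirect, advisories };
    // Object form of fixAvailable names the package and version the fix would install.
    const target = fix && typeof fix === "object" ? fix.name : v.name;
    if (!fix) {
      buckets.noFix.push(entry); // no upgrade path: assess relevance by hand
    } else if (pinned.includes(target)) {
      buckets.needsReview.push({ ...entry, reason: "pinned", target });
    } else if (fix === true) {
      buckets.autoFix.push(entry);
    } else {
      const reason = fix.isSemVerMajor ? "semver-major" : "top-level change";
      buckets.needsReview.push({ ...entry, reason, target: `${fix.name}@${fix.version}` });
    }
  }
  for (const list of Object.values(buckets)) {
    list.sort((a, b) => RANK[a.severity] - RANK[b.severity]);
  }
  return buckets;
}

console.log(JSON.stringify(triage(sampleReport, ["example-parser"]), null, 2));
```

To run it on a real project, replace `sampleReport` with the parsed output of `npm audit --json`.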
