-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Code Injection vulnerability found in js-yaml dependency #24
Comments
This shouldn't happen if you install globally
see: https:/tachyons-css/cli#installation
If you get this error, uninstall tachyons-cli [dev]:
then use the global installation command, to install the package properly. That will suppress the warning(s). |
Exactly. Oversight on my part. Reinstalled globally and it works without warning anymore. Thanks. |
tachyons-cli > tachyons-build-css > cssnano > postcss-svgo > svgo > js-yaml
To remediate:
Upgrade js-yaml to version 3.13.1 or later
https://npmjs.com/advisories/813
Thank you!
The text was updated successfully, but these errors were encountered: