2

we are using mssql npm package it has dependency with like below:

mssql > tedious > @azure/identity > @azure/msal-node > jsonwebtoken

Now we are getting below audit error: https://github.com/advisories/GHSA-27h2-hvpr-p74q npm-audit-error

Any one already having this issue and know any workaround?

user2926764
  • 53
  • 6
  • 1
    I have reported this as [an issue](https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/5526). Probably people have also reported it as a vulnerability to their security people, but naturally there is no visibility of that, and I suspect that the maintainers could deal with this easily. – Oliver Bock Jan 03 '23 at 22:46

1 Answers1

0

As a temporary measure, I had to use yarn's Selective dependency resolutions https://classic.yarnpkg.com/en/docs/selective-version-resolutions/

in package.json:

"resolutions": {
    "@azure/msal-node": "^1.17.0"
  }
Dmytro Sokhach
  • 171
  • 1
  • 3