Hey, I see you are not quite active but thought of still leaving a comment.
Your tool is great and we use it every day to lint our HTML on an Angular 7.3.6 project.
However, npm is identifying vulnerabilities in your package. Now, these do not really matter much as htmlhint-ng2 is supposed to be a devDependency anyway, but it would be nice to sort those out.
Here is the npm audit output:
```
=== npm audit security report ===

Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance

Low            Arbitrary File Write
Package        cli
Patched in     >=1.0.0
Dependency of  htmlhint-ng2 [dev]
Path           htmlhint-ng2 > jshint > cli
More info      https://npmjs.com/advisories/95

High           Regular Expression Denial of Service
Package        minimatch
Patched in     >=3.0.2
Dependency of  htmlhint-ng2 [dev]
Path           htmlhint-ng2 > jshint > cli > glob > minimatch
More info      https://npmjs.com/advisories/118

High           Regular Expression Denial of Service
Package        minimatch
Patched in     >=3.0.2
Dependency of  htmlhint-ng2 [dev]
Path           htmlhint-ng2 > jshint > minimatch
More info      https://npmjs.com/advisories/118

Low            Prototype Pollution
Package        lodash
Patched in     >=4.17.5
Dependency of  htmlhint-ng2 [dev]
Path           htmlhint-ng2 > jshint > lodash
More info      https://npmjs.com/advisories/577

High           Prototype Pollution
Package        lodash
Patched in     >=4.17.11
Dependency of  htmlhint-ng2 [dev]
Path           htmlhint-ng2 > jshint > lodash
More info      https://npmjs.com/advisories/782

High           Prototype Pollution
Package        lodash
Patched in     >=4.17.12
Dependency of  htmlhint-ng2 [dev]
Path           htmlhint-ng2 > jshint > lodash
More info      https://npmjs.com/advisories/1065
```
Probably all you need is npm audit fix on your side? Maybe I'll take the time to fork it and give it a try myself. If you are able to fix this one that'd be great for automation and warning-clean addicts like me!