
high vulnerability when installing latest version of nightmare #1647

Open
@rick-james-norwex

Description

npm provides the following after installing nightmare latest; the workaround (since it's not actually fixing the underlying problems) was to downgrade to v2.8.1.

Unfortunately this earlier version does not appear to be functional; running the starting example code provided in the nightmare readme file results in the Electron browser appearing and immediately closing. Sigh, guess it's back to using webdriver. Hope one day this very promising library becomes hardened and stable.

npm audit report

electron <=11.4.12
Severity: high
Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API - GHSA-mpjm-v997-c4h4
IPC messages delivered to the wrong frame in Electron - GHSA-hvf8-h2qh-37m9
Context isolation bypass via leaked cross-context objects in Electron - GHSA-m93v-9qjc-3g79
Context isolation bypass via Promise in Electron - GHSA-6vrv-94jv-crrg
fix available via npm audit fix --force
Will install nightmare@2.8.0, which is a breaking change
node_modules/electron
nightmare >=2.8.1
Depends on vulnerable versions of electron
node_modules/nightmare

2 vulnerabilities (1 moderate, 1 high)

To address all issues (including breaking changes), run:
npm audit fix --force
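The audit report above only says that nightmare depends on an electron release in the range `<=11.4.12`; before deciding between a forced downgrade and a manual override, a practitioner will want to see which electron version is actually resolved in the lockfile, which package pulls it in, and whether that version sits inside the advisory range. The script below is an added example for this issue page, not code from the nightmare project or from npm. The `package-lock.json` fragment is constructed for illustration (the electron version it pins is an assumption, not nightmare's real pin); the GHSA identifiers and the `<=11.4.12` range are the ones quoted in the audit output. The range matcher deliberately supports only the `<=X` / `<X` forms that appear in the report.

```javascript
// Added example: check a package-lock.json (lockfileVersion 2 layout) against
// the electron range flagged by npm audit. Not part of nightmare or npm.

// Constructed lockfile fragment. The nightmare and electron versions here are
// assumptions for the example; inspect your own lockfile for the real values.
const SAMPLE_LOCK = {
  name: 'scraper',
  lockfileVersion: 2,
  packages: {
    '': { dependencies: { nightmare: '^3.0.2' } },
    'node_modules/nightmare': { version: '3.0.2', dependencies: { electron: '^9.1.0' } },
    'node_modules/electron': { version: '9.1.0' },
  },
};

// Advisory identifiers and range copied from the npm audit report on this issue.
const ELECTRON_ADVISORIES = [
  { id: 'GHSA-mpjm-v997-c4h4', range: '<=11.4.12',
    title: 'Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API' },
  { id: 'GHSA-hvf8-h2qh-37m9', range: '<=11.4.12',
    title: 'IPC messages delivered to the wrong frame' },
  { id: 'GHSA-m93v-9qjc-3g79', range: '<=11.4.12',
    title: 'Context isolation bypass via leaked cross-context objects' },
  { id: 'GHSA-6vrv-94jv-crrg', range: '<=11.4.12',
    title: 'Context isolation bypass via Promise' },
];

// Parse "MAJOR.MINOR.PATCH" (optional leading "v"; any prerelease/build suffix
// is ignored, so "12.0.0-beta.1" compares as 12.0.0).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Returns -1, 0 or 1 like a comparator.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Only the "<=X" and "<X" range forms are supported, which is what npm audit
// prints for this advisory set; anything else is rejected rather than guessed.
function satisfies(version, range) {
  const m = /^(<=|<)\s*(\S+)$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  const c = compareVersions(version, m[2]);
  return m[1] === '<=' ? c <= 0 : c < 0;
}

// Version of a package as resolved in the lockfile, or null if absent.
function installedVersion(lock, pkg) {
  const entry = lock.packages[`node_modules/${pkg}`];
  return entry ? entry.version : null;
}

// Names of the lockfile packages that declare a dependency on pkg.
function dependents(lock, pkg) {
  const out = [];
  for (const [key, entry] of Object.entries(lock.packages)) {
    if (entry.dependencies && Object.prototype.hasOwnProperty.call(entry.dependencies, pkg)) {
      out.push(key === '' ? (lock.name || '.') : key.replace(/^node_modules\//, ''));
    }
  }
  return out.sort();
}

// Which advisories apply to the resolved version of pkg.
function matchingAdvisories(lock, pkg, advisories) {
  const version = installedVersion(lock, pkg);
  if (version === null) return { version: null, advisories: [] };
  const ids = advisories.filter((a) => satisfies(version, a.range)).map((a) => a.id);
  return { version, advisories: ids };
}

function report(lock, pkg, advisories) {
  const { version, advisories: ids } = matchingAdvisories(lock, pkg, advisories);
  if (version === null) return `${pkg}: not present in lockfile`;
  const via = dependents(lock, pkg).join(', ') || '(direct only)';
  return `${pkg}@${version} (pulled in by: ${via}) matches ${ids.length} advisories: ${ids.join(' ') || 'none'}`;
}

console.log(report(SAMPLE_LOCK, 'electron', ELECTRON_ADVISORIES));
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; the `dependents` output tells you whether an `overrides` entry on electron (or a newer nightmare release) is the fix, rather than the forced downgrade that `npm audit fix --force` proposes.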
