filesystem-mcp-server$ npm audit
npm audit report
axios 1.0.0 - 1.11.0
Severity: high
Axios is vulnerable to DoS attack through lack of data size check - GHSA-4hjh-wcwx-xvwj
fix available via npm audit fix
node_modules/axios
brace-expansion 2.0.0 - 2.0.1
brace-expansion Regular Expression Denial of Service vulnerability - GHSA-v6h2-p8h4-qcjw
fix available via npm audit fix
node_modules/brace-expansion
form-data 4.0.0 - 4.0.3
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - GHSA-fjxv-7rqg-78g4
fix available via npm audit fix
node_modules/form-data
js-yaml 4.0.0 - 4.1.0
Severity: moderate
js-yaml has prototype pollution in merge (<<) - GHSA-mh29-5h37-fv8m
fix available via npm audit fix
node_modules/js-yaml
validator <13.15.20
Severity: moderate
validator.js has a URL validation bypass vulnerability in its isURL function - GHSA-9965-vmph-33xx
fix available via npm audit fix --force
Will install validator@13.15.23, which is outside the stated dependency range
node_modules/validator
5 vulnerabilities (1 low, 2 moderate, 1 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues, run:
npm audit fix --force
filesystem-mcp-server$ npm audit
npm audit report
axios 1.0.0 - 1.11.0
Severity: high
Axios is vulnerable to DoS attack through lack of data size check - GHSA-4hjh-wcwx-xvwj
fix available via
npm audit fixnode_modules/axios
brace-expansion 2.0.0 - 2.0.1
brace-expansion Regular Expression Denial of Service vulnerability - GHSA-v6h2-p8h4-qcjw
fix available via
npm audit fixnode_modules/brace-expansion
form-data 4.0.0 - 4.0.3
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - GHSA-fjxv-7rqg-78g4
fix available via
npm audit fixnode_modules/form-data
js-yaml 4.0.0 - 4.1.0
Severity: moderate
js-yaml has prototype pollution in merge (<<) - GHSA-mh29-5h37-fv8m
fix available via
npm audit fixnode_modules/js-yaml
validator <13.15.20
Severity: moderate
validator.js has a URL validation bypass vulnerability in its isURL function - GHSA-9965-vmph-33xx
fix available via
npm audit fix --forceWill install validator@13.15.23, which is outside the stated dependency range
node_modules/validator
5 vulnerabilities (1 low, 2 moderate, 1 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues, run:
npm audit fix --force