# npm audit report @eslint/plugin-kit <0.3.4 @eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser - https://github.com/advisories/GHSA-xffm-g5w8-qvg7 fix available via `npm audit fix --force` Will install eslint@9.39.4, which is outside the stated dependency range node_modules/@eslint/plugin-kit eslint 9.10.0 - 9.26.0 Depends on vulnerable versions of @eslint/plugin-kit node_modules/eslint ajv <6.14.0 || >=7.0.0-alpha.0 <8.18.0 Severity: moderate ajv has ReDoS when using `$data` option - https://github.com/advisories/GHSA-2g4f-4pwh-qvx6 ajv has ReDoS when using `$data` option - https://github.com/advisories/GHSA-2g4f-4pwh-qvx6 fix available via `npm audit fix --force` Will install ajv@8.18.0, which is outside the stated dependency range node_modules/@eslint/eslintrc/node_modules/ajv node_modules/ajv node_modules/eslint/node_modules/ajv brace-expansion 1.0.0 - 1.1.11 || 2.0.0 - 2.0.1 brace-expansion Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-v6h2-p8h4-qcjw brace-expansion Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-v6h2-p8h4-qcjw fix available via `npm audit fix` node_modules/brace-expansion node_modules/glob/node_modules/brace-expansion flatted <3.4.0 Severity: high flatted vulnerable to unbounded recursion DoS in parse() revive phase - https://github.com/advisories/GHSA-25h7-pfq9-p65f fix available via `npm audit fix` node_modules/flatted immutable <3.8.3 || >=4.0.0-rc.1 <4.3.8 Severity: high Immutable is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-wf6x-7x77-mvgw Immutable is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-wf6x-7x77-mvgw fix available via `npm audit fix` node_modules/immutable node_modules/sass/node_modules/immutable js-yaml 4.0.0 - 4.1.0 Severity: moderate js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m fix available via `npm audit fix` node_modules/js-yaml lodash 4.0.0 - 4.17.21 Severity: moderate Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg fix available via `npm audit fix --force` Will install lodash@4.17.23, which is outside the stated dependency range node_modules/lodash lodash-es 4.0.0 - 4.17.22 Severity: moderate Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg fix available via `npm audit fix` node_modules/lodash-es minimatch <=3.1.3 || 9.0.0 - 9.0.6 Severity: high minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26 minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26 minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74 minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74 fix available via `npm audit fix` node_modules/glob/node_modules/minimatch node_modules/minimatch rollup 4.0.0 - 4.58.0 Severity: high Rollup 4 has Arbitrary File Write via Path Traversal - https://github.com/advisories/GHSA-mw96-cpmx-2vgc fix available via `npm audit fix` node_modules/rollup 11 vulnerabilities (3 low, 4 moderate, 4 high) To address issues that do not require attention, run: npm audit fix To address all issues, run: npm audit fix --force