There is something that has been bothering me for the past few months, and resulted in me archiving the node-ip repo on GitHub: github.com/advisories/GHSA-78x

Someone filed a dubious CVE about my npm package, and then I started getting messages from all the people getting warnings from `npm audit`.

I just posted a comment on the advisory issue github.com/github/advisory-dat asking to remove it, but looking at dicer's advisory github.com/advisories/GHSA-wm7 I see that there might be a larger pattern in place?

/1

GitHub: CVE-2023-42282 - GitHub Advisory Database. NPM IP package incorrectly identifies some private IP addresses as public

@indutny if you want, I could help dispute and hopefully revoke the CVE

it's bogus that maintainers need to do this labor

@indutny great, I'll send an email

I'm on vacation this week, but can get the ball rolling over the weekend