Vulnerabilities

DepShield reports that this application's usage of lodash.camelcase:4.3.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.camelcase:4.3.0 is a transitive dependency introduced by the following direct dependency(s):

• command-line-args:5.1.1
        └─ lodash.camelcase:4.3.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.isequal:4.5.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.isequal:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• np:7.2.0
        └─ ow:0.21.0
              └─ lodash.isequal:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Describe the bug
--quiet minimizes console output, but there are still cursor movements and line breaks.

To Reproduce
Steps to reproduce the behavior:

1.Run code with --quiet (e.g. node src/index.js example -q)
2.See error

Expected behavior
A clear and concise description of what you expected to happen.

Environment

• OS: Windows 10 1909 (Build 18363.1082)
• Version: 2.0 (Tree)

Additional context
Probably because I forgot to insert ifs in readline.moveCursor or console.log.

Vulnerabilities

DepShield reports that this application's usage of kind-of:5.1.0 results in the following vulnerability(s):

• (CVSS 5.3) CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Occurrences

kind-of:5.1.0 is a transitive dependency introduced by the following direct dependency(s):

• jest:26.6.3
        └─ @jest/core:26.6.3
              └─ jest-haste-map:26.6.2
                    └─ sane:4.1.0
                          └─ micromatch:3.1.10
                                └─ snapdragon:0.8.2
                                      └─ define-property:0.2.5
                                            └─ is-descriptor:0.1.6
                                                  └─ kind-of:5.1.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of kind-of:4.0.0 results in the following vulnerability(s):

• (CVSS 5.3) CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Occurrences

kind-of:4.0.0 is a transitive dependency introduced by the following direct dependency(s):

• jest:26.6.3
        └─ @jest/core:26.6.3
              └─ jest-haste-map:26.6.2
                    └─ sane:4.1.0
                          └─ micromatch:3.1.10
                                └─ snapdragon:0.8.2
                                      └─ base:0.11.2
                                            └─ cache-base:1.0.1
                                                  └─ has-value:1.0.0
                                                        └─ has-values:1.0.0
                                                              └─ kind-of:4.0.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of ini:1.3.8 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

ini:1.3.8 is a transitive dependency introduced by the following direct dependency(s):

• remark-cli:8.0.1
        └─ unified-args:8.1.0
              └─ unified-engine:8.0.0
                    └─ load-plugin:3.0.0
                          └─ libnpmconfig:1.2.1
                                └─ ini:1.3.8

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.sortby:4.7.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.sortby:4.7.0 is a transitive dependency introduced by the following direct dependency(s):

• jest:26.6.3
        └─ @jest/core:26.6.3
              └─ jest-config:26.6.3
                    └─ jest-environment-jsdom:26.6.2
                          └─ jsdom:16.4.0
                                └─ whatwg-url:8.4.0
                                      └─ lodash.sortby:4.7.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Related to a problem
The checker does not search for top-level domains that contain ".jp". "co.jp", "or.jp" etc.
There are also real domains such as google.co.jp.

Describe the solution you'd like
Feature to check top-level domains with "co".

Maybe only Japanese are involved in this attribute type domain, is there a good list? JPRS described Attribute type domains. Thanks!

Vulnerabilities

DepShield reports that this application's usage of lodash.memoize:4.1.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.memoize:4.1.2 is a transitive dependency introduced by the following direct dependency(s):

• ts-jest:26.4.4
        └─ lodash.memoize:4.1.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Overview

When I run the program with --quiet, the result output is nothing.
Nothing has been added to the aliveDomain array either. This may be due to the ping being skipped.

Output

      ┌────────────────────┐
      │                    │
      │   --- Result---    │
      │                    │
      │                    │
      │                    │
      │   0 domain alive   │
      │                    │
      └────────────────────┘

Describe the bug
When I run a command on Linux, it takes a very long time for the ping to complete.

To Reproduce
Steps to reproduce the behavior:

1.Use Linux
2.Run command
3.See error

Expected behavior
Behavior similar to Windows.

Environment

• OS: Manjaro 20.1.1
• Version: 3.1.1

Additional context

Exception:

/home/potato1682/Projects/TopDomainChecker/node_modules/.pnpm/ping@0.2.3/node_modules/ping/lib/parser/mac.js:42
        this._times.push(parseFloat(match[1], 10));
                                         ^

[  TypeError: Cannot read property '1' of null

  - mac.js:42 LinuxParser.MacParser._processBody
    [TopDomainChecker]/[ping@0.2.3]/[ping]/lib/parser/mac.js:42:42

  - linux.js:45 LinuxParser._processBody
    [TopDomainChecker]/[ping@0.2.3]/[ping]/lib/parser/linux.js:45:38

  - base.js:133 LinuxParser.parser.eat
    [TopDomainChecker]/[ping@0.2.3]/[ping]/lib/parser/base.js:133:14

  - underscore.js:647
    [TopDomainChecker]/[underscore@1.11.0]/[underscore]/underscore.js:647:21

  - underscore.js:1230 Function.each
    [TopDomainChecker]/[underscore@1.11.0]/[underscore]/underscore.js:1230:9

  - ping-promise.js:83 ChildProcess.<anonymous>
    [TopDomainChecker]/[ping@0.2.3]/[ping]/lib/ping-promise.js:83:12

  - events.js:421 Object.onceWrapper
    events.js:421:26

  - events.js:314 ChildProcess.emit
    events.js:314:20

  - child_process.js:1047 maybeClose
    internal/child_process.js:1047:16

  - child_process.js:438 Socket.<anonymous>
    internal/child_process.js:438:11

]

Vulnerabilities

DepShield reports that this application's usage of kind-of:3.2.2 results in the following vulnerability(s):

• (CVSS 5.3) CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Occurrences

kind-of:3.2.2 is a transitive dependency introduced by the following direct dependency(s):

• jest:26.6.3
        └─ @jest/core:26.6.3
              └─ jest-haste-map:26.6.2
                    └─ sane:4.1.0
                          └─ micromatch:3.1.10
                                └─ braces:2.3.2
                                      └─ fill-range:4.0.0
                                            └─ is-number:3.0.0
                                                  └─ kind-of:3.2.2
                                      └─ snapdragon-node:2.1.1
                                            └─ snapdragon-util:3.0.1
                                                  └─ kind-of:3.2.2
                                └─ snapdragon:0.8.2
                                      └─ base:0.11.2
                                            └─ cache-base:1.0.1
                                                  └─ has-value:1.0.0
                                                        └─ has-values:1.0.0
                                                              └─ is-number:3.0.0
                                                                    └─ kind-of:3.2.2
                                                  └─ to-object-path:0.3.0
                                                        └─ kind-of:3.2.2
                                            └─ class-utils:0.3.6
                                                  └─ static-extend:0.1.2
                                                        └─ object-copy:0.1.0
                                                              └─ kind-of:3.2.2
                                      └─ define-property:0.2.5
                                            └─ is-descriptor:0.1.6
                                                  └─ is-accessor-descriptor:0.1.6
                                                        └─ kind-of:3.2.2
                                                  └─ is-data-descriptor:0.1.4
                                                        └─ kind-of:3.2.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.get:4.4.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.get:4.4.2 is a transitive dependency introduced by the following direct dependency(s):

• eslint-plugin-unicorn:22.0.0
        └─ eslint-ast-utils:1.1.0
              └─ lodash.get:4.4.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of q:1.5.1 results in the following vulnerability(s):

• (CVSS 7.5) CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Occurrences

q:1.5.1 is a transitive dependency introduced by the following direct dependency(s):

• ping:0.2.3
        └─ q:1.5.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):

• (CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):

• eslint-plugin-import:2.22.1
        └─ eslint-import-resolver-node:0.3.4
              └─ debug:2.6.9
        └─ eslint-module-utils:2.6.0
              └─ debug:2.6.9
        └─ debug:2.6.9

• jest:26.6.3
        └─ @jest/core:26.6.3
              └─ jest-haste-map:26.6.2
                    └─ sane:4.1.0
                          └─ micromatch:3.1.10
                                └─ extglob:2.0.4
                                      └─ expand-brackets:2.1.4
                                            └─ debug:2.6.9
                                └─ snapdragon:0.8.2
                                      └─ debug:2.6.9

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of ini:1.3.7 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

ini:1.3.7 is a transitive dependency introduced by the following direct dependency(s):

• np:7.2.0
        └─ is-installed-globally:0.3.2
              └─ global-dirs:2.1.0
                    └─ ini:1.3.7
        └─ npm-name:6.0.1
              └─ registry-auth-token:4.2.1
                    └─ rc:1.2.8
                          └─ ini:1.3.7

• remark-cli:9.0.0
        └─ unified-args:8.1.0
              └─ unified-engine:8.0.0
                    └─ load-plugin:3.0.0
                          └─ libnpmconfig:1.2.1
                                └─ ini:1.3.7

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of sync-exec:0.6.2 results in the following vulnerability(s):

• (CVSS 4.0) CWE-377: Insecure Temporary File

Occurrences

sync-exec:0.6.2 is a transitive dependency introduced by the following direct dependency(s):

• copy-paste:1.3.0
        └─ sync-exec:0.6.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}