Please see the report at https://github.com/ethersphere/swarm-cli/security
Running npm audit fix may be able to fix most of these issues, but in case there are compatibility issues with dependencies, we may need to dig deeper as part of a new issue.
Exploiting vulnerabilities is unlikely in the real world since swarm-cli does not run as a server nor in the browser, but there may be unknowns and it is also essential for user trust that we ship packages without such flaws.
Please see the report at https://github.com/ethersphere/swarm-cli/security
Running
npm audit fixmay be able to fix most of these issues, but in case there are compatibility issues with dependencies, we may need to dig deeper as part of a new issue.Exploiting vulnerabilities is unlikely in the real world since
swarm-clidoes not run as a server nor in the browser, but there may be unknowns and it is also essential for user trust that we ship packages without such flaws.