Webpack-dev-server, vue-cli hacked?

H

hckn2019-01-02 09:06:58

JavaScript

hckn, 2019-01-02 09:06:58

As you probably noticed. in the last 2-3 days a warning appeared in the console, for which there is still no fix

https://www.npmjs.com/advisories/725
https://github.com/webpack/webpack-dev-server/issu.. Well ,
you're seething like no one is picking it up, I think everything is ok. Despite the warning in black and white

This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated.

Petty, huh?
But what just happens is this: I write my code calmly (based on the Vue-cli template), but the Internet falls off and this is what appears:

Since when do you need an INTERNET CONNECTION to run a local project? What is that? Everything converges - HMR, websocket server, this has never happened before...

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexander Talalaev, 2019-01-02
@hckn

There is no vulnerability, in the database of potentially dangerous packages there is a typo for the type of version being checked, so instead of checking that the version is not lower than 3.1.10, it checks that it is not lower than 3.110.
As for the screenshot, I think it swears because when you disconnected the Internet, you apparently turned off the router (or disconnected) and your internal network fell, which means that the address 192.168.43.201 became unavailable.