npm modules that contain the name of a CPE are falsely identified in v6.0.0 #2796
Comments
This is also occurring for other package managers: Nuget package Microsoft.AspNet.Web.Optimization.WebForms is reported as |
Another example:

```xml
<suppress>
<notes><![CDATA[
file name: cacheable-lookup:2.0.1
]]></notes>
<packageUrl regex="true">^pkg:npm/cacheable\-lookup@.*$</packageUrl>
<cpe>cpe:/a:lookup:lookup</cpe>
</suppress>
```
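The following is an added example, not part of the original thread or the project's code. It checks how far a suppression entry like the one above reaches before it is committed. The `<suppressions>` wrapper, the sample package URLs and the whole-string regex matching are assumptions made for this sketch.

```python
import re
import xml.etree.ElementTree as ET

# The <suppress> entry from the comment above, inside a bare root element.
# The wrapper is constructed; a real suppression file also declares a schema namespace.
SUPPRESSION_XML = r"""<suppressions>
  <suppress>
    <notes><![CDATA[
    file name: cacheable-lookup:2.0.1
    ]]></notes>
    <packageUrl regex="true">^pkg:npm/cacheable\-lookup@.*$</packageUrl>
    <cpe>cpe:/a:lookup:lookup</cpe>
  </suppress>
</suppressions>"""

def load_rules(xml_text):
    """Return one (matcher, [cpe, ...]) pair per <suppress> entry that has a packageUrl."""
    rules = []
    for entry in ET.fromstring(xml_text).iter("suppress"):
        purl = entry.find("packageUrl")
        if purl is None or not purl.text:
            continue
        value = purl.text.strip()
        if purl.get("regex") == "true":
            # Assumption: the regex must match the whole package URL.
            matcher = re.compile(value).fullmatch
        else:
            matcher = lambda candidate, value=value: candidate == value
        cpes = [c.text.strip() for c in entry.findall("cpe") if c.text]
        rules.append((matcher, cpes))
    return rules

def suppressed_cpes(rules, purl):
    """List the CPEs that the rules would suppress for one package URL."""
    hits = []
    for matcher, cpes in rules:
        if matcher(purl):
            hits.extend(cpes)
    return hits

if __name__ == "__main__":
    rules = load_rules(SUPPRESSION_XML)
    # Constructed package URLs: the false positive, plus two that must stay reportable.
    for purl in ("pkg:npm/cacheable-lookup@2.0.1",
                 "pkg:npm/lookup@1.0.0",
                 "pkg:npm/cacheable-lookup-extra@1.0.0"):
        print(purl, "->", suppressed_cpes(rules, purl) or "not suppressed")
```

Running the check against every package URL in a lockfile shows whether a suppression regex is wide enough to hide a CPE match for a package it was never meant to cover.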
* broadly reduce vulnerability matches for NPM per #2796
At the moment - I highly recommend just disabling the Node JS Analyzer ( |
Numerous npm modules that contain the name of a package with a valid CPE are falsely identified as that CPE in v6.0.0 (cli). This did not occur with v5.3.2. See some examples below: