Vue CLI mixin-deep Prototype Pollution

So I noticed the other day that a video on one of my web apps had stopped working, and I went in to fix the issue, and figured I would run an npm audit to make sure everything was in order. That’s when I found 222 high-severity vulnerabilities, all coming from the mixin-deep package. It appears to be a Prototype Pollution issue, which I did some reading on and found that recently it has been picking up some attention.
The issue seems to be stemming from the Vue CLI, and how it is using the package, but my knowledge of that is limited.
I tried updating the package, and updating npm, and re-running the audit with no success.
Has anyone else seen this type of issue, or have any knowledge on what could help it?


Hi @OminousOctopus, I just ran into the same issue with my project.

To resolve it I ran:

npm audit fix
npm audit
                       === npm audit security report ===

found 0 vulnerabilities
 in 24168 scanned packages

Looks like it was related to these two advisories published by npm a couple days ago:

  1. https://www.npmjs.com/advisories/1012
  2. https://www.npmjs.com/advisories/1013

Hope that helps :v:

Yeah! Strange. Thanks for the links!