This repository was archived by the owner on Oct 15, 2025. It is now read-only.
Describe the bug
When adding jest-schematic >2.1.1, npm audit reports a moderate security risk.
To Reproduce
Steps to reproduce the behavior:
Init an empty Angular project, e.g. ng new jest-schematic-repro
cd into the project dir
ng add @briebug/jest-schematic according to README
npm audit afterwards
ajv <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix --force`
Will install @briebug/jest-schematic@2.1.1, which is a breaking change
node_modules/@schuchard/schematics-core/node_modules/ajv
@angular-devkit/core 0.0.24 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of ajv
node_modules/@schuchard/schematics-core/node_modules/@angular-devkit/core
@angular-devkit/schematics 0.0.43 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
node_modules/@schuchard/schematics-core/node_modules/@angular-devkit/schematics
@schematics/angular 0.1.12 - 8.3.28 || 9.0.0-next.0 - 9.1.11 || 10.0.0-next.0 - 10.0.3
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
node_modules/@schuchard/schematics-core/node_modules/@schematics/angular
@schuchard/schematics-core *
Depends on vulnerable versions of @angular-devkit/core
Depends on vulnerable versions of @angular-devkit/schematics
Depends on vulnerable versions of @schematics/angular
node_modules/@schuchard/schematics-core
@briebug/jest-schematic >=2.2.0
Depends on vulnerable versions of @schuchard/schematics-core
node_modules/@briebug/jest-schematic
6 moderate severity vulnerabilities
Recommends npm audit fix --force, which is hard to plan ahead with a medium-sized dependency tree containing other less severe security risks.
Expected behavior
Adding jest-schematic does not worsen security.
Workaround
Pin version to 2.1.1, e.g. explicitly do not install latest: ng add @briebug/jest-schematic@2.1.1. Or don't use this package. Instead follow the Jest setup guide on the official page https://jestjs.io.
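To check which installed copies of ajv fall below the fixed 6.12.3 release named in the audit output, this added example (not part of the original issue or the project's code) scans the `packages` map of a package-lock.json (lockfileVersion 2 or 3). The function names are hypothetical, and the sample lock data and its version numbers are constructed.

```javascript
// Added example: find every installed copy of a package older than a fixed
// version by walking the "packages" map of package-lock.json (v2/v3).

// Compare plain x.y.z versions numerically; pre-release tags are ignored
// (a simplifying assumption of this example).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return [{ path, version, owner }] for each copy of `name` below `fixed`.
// `owner` is the top-level package whose subtree holds the nested copy.
function findVulnerableCopies(lock, name, fixed) {
  const suffix = "node_modules/" + name;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match only exact package names, hoisted or nested.
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    if (!meta.version || compareVersions(meta.version, fixed) >= 0) continue;
    const parts = path
      .split("node_modules/")
      .filter(Boolean)
      .map((p) => p.replace(/\/$/, ""));
    hits.push({ path, version: meta.version, owner: parts[0] });
  }
  return hits;
}

// Constructed sample: one hoisted, patched ajv and one nested, older copy at
// the path shown in the audit output. All version numbers are made up.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "jest-schematic-repro" },
    "node_modules/ajv": { version: "8.11.0" },
    "node_modules/ajv-keywords": { version: "3.5.2" },
    "node_modules/@schuchard/schematics-core/node_modules/ajv": { version: "6.10.2" },
  },
};

console.log(findVulnerableCopies(sampleLock, "ajv", "6.12.3"));
```

Against a real project, pass `JSON.parse` of the project's package-lock.json in place of `sampleLock`.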