What to build
Socket detected 6 instances of a high-severity CVE in 1 package (the 6 instances are most likely several installed copies or dependency paths of that one package). The affected package is probably tiged or one of its transitive dependencies. We need to identify the vulnerable package, check whether a patched version exists, and either upgrade or replace it.
Steps to resolve
- Run npm audit to identify which package carries the CVE (npm audit --json also reports whether a fix is available).
- Check whether the vulnerability is in tiged itself or in one of its transitive dependencies (npm audit marks direct dependencies with isDirect; npm ls <package> shows the dependency path).
- If a patch exists: upgrade the dependency. If the fix is a semver-major bump, review the breaking changes before adopting it.
- If no patch exists: evaluate replacing tiged with degit or with a custom GitHub download using tar + fetch. If we write our own downloader, pin the ref to a commit SHA rather than a branch name so the fetched tarball cannot change under us.
Acceptance criteria
- npm audit shows 0 high/critical vulnerabilities.
- If tiged is the source, evaluate alternatives (degit, direct GitHub tarball download).