[GH-ISSUE #166] torrent-stream - vulnerability #136

New issue

Closed

opened 2026-02-25 20:32:32 +03:00 by kerem · 2 comments

kerem commented 2026-02-25 20:32:32 +03:00

Owner

Copy link

Originally created by @megadrazz on GitHub (Mar 3, 2019).
Original GitHub issue: https://github.com/asapach/peerflix-server/issues/166

npm install --save torrent-stream
npm WARN magnetman@1.0.0 No repository field.

• torrent-stream@1.1.0
  added 76 packages from 37 contributors and audited 998 packages in 3.114s
  found 1 high severity vulnerability
  run npm audit fix to fix them, or npm audit for details

                   === npm audit security report ===
  
  
                             Manual Review
         Some vulnerabilities require your attention to resolve
  
      Visit https://go.npm.me/audit-guide for additional guidance
  

  High Denial of Service

  Package ws

  Patched in >= 1.1.5 <2.0.0 || >=3.3.1

  Dependency of torrent-stream

  Path torrent-stream > torrent-discovery > bittorrent-tracker >
  simple-websocket > ws

  More info https://nodesecurity.io/advisories/550

found 1 high severity vulnerability in 998 scanned packages
1 vulnerability requires manual review. See the full report for details.

Originally created by @megadrazz on GitHub (Mar 3, 2019). Original GitHub issue: https://github.com/asapach/peerflix-server/issues/166 npm install --save torrent-stream npm WARN magnetman@1.0.0 No repository field. + torrent-stream@1.1.0 added 76 packages from 37 contributors and audited 998 packages in 3.114s found 1 high severity vulnerability run `npm audit fix` to fix them, or `npm audit` for details === npm audit security report === Manual Review Some vulnerabilities require your attention to resolve Visit https://go.npm.me/audit-guide for additional guidance High Denial of Service Package ws Patched in >= 1.1.5 <2.0.0 || >=3.3.1 Dependency of torrent-stream Path torrent-stream > torrent-discovery > bittorrent-tracker > simple-websocket > ws More info https://nodesecurity.io/advisories/550 found 1 high severity vulnerability in 998 scanned packages 1 vulnerability requires manual review. See the full report for details.

kerem closed this issue 2026-02-25 20:32:32 +03:00

kerem commented 2026-02-25 20:32:33 +03:00

Author

Owner

Copy link

@asapach commented on GitHub (Mar 3, 2019):

There is already an issue in torrent-stream: mafintosh/torrent-stream#191

<!-- gh-comment-id:469058819 --> @asapach commented on GitHub (Mar 3, 2019): There is already an issue in torrent-stream: mafintosh/torrent-stream#191

kerem commented 2026-02-25 20:32:33 +03:00

Author

Owner

Copy link

@megadrazz commented on GitHub (Mar 3, 2019):

ainda continua

npm install ws --save
npm WARN magnetman@1.0.0 No repository field.

• ws@6.1.4
  updated 1 package and audited 1000 packages in 4.087s
  found 1 high severity vulnerability
  run npm audit fix to fix them, or npm audit for details

<!-- gh-comment-id:469059989 --> @megadrazz commented on GitHub (Mar 3, 2019): ainda continua npm install ws --save npm WARN magnetman@1.0.0 No repository field. + ws@6.1.4 updated 1 package and audited 1000 packages in 4.087s found 1 high severity vulnerability run `npm audit fix` to fix them, or `npm audit` for details

kerem referenced this issue 2026-03-15 03:01:24 +03:00

[GH-ISSUE #136] Private torrent site file #327

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/npm_and_yarn/decode-uri-component-0.2.2

dependabot/npm_and_yarn/minimatch-and-grunt-and-grunt-contrib-jshint-and-grunt-contrib-watch-and-grunt-wiredep-and-load-grunt-tasks-3.0.4

dependabot/npm_and_yarn/socket.io-parser-and-karma-3.4.1

dependabot/npm_and_yarn/grunt-1.5.3

dependabot/npm_and_yarn/ajv-6.12.6

v0.6.0

v0.5.1

v0.5.0

v0.4.2

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

v0.0.30

v0.0.29

v0.0.28

v0.0.27

v0.0.26

v0.0.25

v0.0.24

v0.0.23

v0.0.22

v0.0.21

v0.0.20

v0.0.19

v0.0.18

v0.0.17

v0.0.16

v0.0.15

v0.0.14

v0.0.13

v0.0.12

v0.0.11

v0.0.10

v0.0.9

v0.0.8

0.0.7

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

Labels

Clear labels   

bug

  

duplicate

  

enhancement

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

tip

  

wontfix

No labels

bug

duplicate

enhancement

invalid

pull-request

question

tip

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/peerflix-server#136

No description provided.