This repository has been archived by the owner on Apr 19, 2023. It is now read-only.

amplify video add command not found #350

Open
kjetilge opened this issue Jul 10, 2022 · 1 comment

kjetilge commented Jul 10, 2022

Describe the bug
Running amplify video add results in ⚠️ The Amplify CLI can NOT find command: video add

To Reproduce
Steps to reproduce the behavior:

  1. Install amplify cli: npm install -g @aws-amplify/cli
  2. Install amplify-video plugin: npm i amplify-category-video -g
  3. In an amplify project folder try: amplify video add

Expected behavior
A video resource should be added to the Amplify project

Desktop

  • OS: macOS 11.6.6
  • node version: 16.13.1
  • amplify cli version: 9.1.0

Additional context
Installing the plugin looks like this:

npm i amplify-category-video -g

changed 146 packages, and audited 147 packages in 2s

25 packages are looking for funding
  run `npm fund` for details

1 critical severity vulnerability

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

Running npm audit yields:

# npm audit report

@aws-sdk/shared-ini-file-loader  <=1.0.0-rc.8
Severity: high
Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader - https://github.com/advisories/GHSA-rrc9-gqf8-8rwg
fix available via `npm audit fix`
node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-amplify/cache/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/shared-ini-file-loader
node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/shared-ini-file-loader
  @aws-sdk/credential-provider-ini  <=1.0.0-rc.8
  Depends on vulnerable versions of @aws-sdk/shared-ini-file-loader
  node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/credential-provider-ini
  node_modules/@aws-amplify/cache/node_modules/@aws-sdk/credential-provider-ini
  node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/credential-provider-ini
  node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/credential-provider-ini
  node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/credential-provider-ini
  node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/credential-provider-ini
  @aws-sdk/credential-provider-process  <=1.0.0-rc.8
  Depends on vulnerable versions of @aws-sdk/credential-provider-ini
  Depends on vulnerable versions of @aws-sdk/shared-ini-file-loader
  node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/credential-provider-process
  node_modules/@aws-amplify/cache/node_modules/@aws-sdk/credential-provider-process
  node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/credential-provider-process
  node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/credential-provider-process
  node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/credential-provider-process
  node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/credential-provider-process
    @aws-sdk/credential-provider-node  <=1.0.0-rc.8
    Depends on vulnerable versions of @aws-sdk/credential-provider-ini
    Depends on vulnerable versions of @aws-sdk/credential-provider-process
    node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/credential-provider-node
    node_modules/@aws-amplify/cache/node_modules/@aws-sdk/credential-provider-node
    node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/credential-provider-node
    node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/credential-provider-node
    node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/credential-provider-node
    node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/credential-provider-node
  @aws-sdk/node-config-provider  <=1.0.0-rc.8
  Depends on vulnerable versions of @aws-sdk/shared-ini-file-loader
  node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/node-config-provider
  node_modules/@aws-amplify/cache/node_modules/@aws-sdk/node-config-provider
  node_modules/@aws-sdk/client-firehose/node_modules/@aws-sdk/node-config-provider
  node_modules/@aws-sdk/client-kinesis/node_modules/@aws-sdk/node-config-provider
  node_modules/@aws-sdk/client-personalize-events/node_modules/@aws-sdk/node-config-provider
  node_modules/@aws-sdk/client-pinpoint/node_modules/@aws-sdk/node-config-provider
    @aws-sdk/client-cognito-identity  <=1.0.0-rc.8
    Depends on vulnerable versions of @aws-sdk/credential-provider-node
    Depends on vulnerable versions of @aws-sdk/node-config-provider
    node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/client-cognito-identity
    node_modules/@aws-amplify/cache/node_modules/@aws-sdk/client-cognito-identity
      @aws-amplify/core  3.4.7-ui-preview.9 - 3.4.7-unstable.17 || 3.5.2-unstable.1 - 3.8.13
      Depends on vulnerable versions of @aws-sdk/client-cognito-identity
      Depends on vulnerable versions of @aws-sdk/credential-provider-cognito-identity
      node_modules/@aws-amplify/analytics/node_modules/@aws-amplify/core
      node_modules/@aws-amplify/cache/node_modules/@aws-amplify/core
        @aws-amplify/analytics  3.2.8-ui-preview.9 - 3.2.8-unstable.17 || 3.3.2-unstable.1 - 4.0.9
        Depends on vulnerable versions of @aws-amplify/cache
        Depends on vulnerable versions of @aws-amplify/core
        Depends on vulnerable versions of @aws-sdk/client-firehose
        Depends on vulnerable versions of @aws-sdk/client-kinesis
        Depends on vulnerable versions of @aws-sdk/client-personalize-events
        Depends on vulnerable versions of @aws-sdk/client-pinpoint
        node_modules/@aws-amplify/analytics
        @aws-amplify/cache  3.1.24-ui-preview.9 - 3.1.24-unstable.17 || 3.1.27-unstable.1 - 3.1.27-unstable.6 || 3.1.28-unstable.1 - 3.1.28-unstable.5 || 3.1.29-unstable.1 - 3.1.29-unstable.3 || 3.1.30-unstable.1 - 3.1.30-unstable.9 || 3.1.31-unstable.1 - 3.1.31-unstable.10 || 3.1.32-unstable.1 - 3.1.32-unstable.11 || 3.1.33-pr-7040.16 - 3.1.33-unstable.14 || 3.1.34-unstable.1 - 3.1.34-unstable.2 || 3.1.35-unstable.1 - 3.1.35-unstable.2 || 3.1.36-native.8 - 3.1.46
        Depends on vulnerable versions of @aws-amplify/core
        node_modules/@aws-amplify/cache
      @aws-sdk/credential-provider-cognito-identity  <=1.0.0-rc.8
      Depends on vulnerable versions of @aws-sdk/client-cognito-identity
      node_modules/@aws-amplify/analytics/node_modules/@aws-sdk/credential-provider-cognito-identity
      node_modules/@aws-amplify/cache/node_modules/@aws-sdk/credential-provider-cognito-identity
    @aws-sdk/client-firehose  <=1.0.0-rc.8
    Depends on vulnerable versions of @aws-sdk/credential-provider-node
    Depends on vulnerable versions of @aws-sdk/node-config-provider
    node_modules/@aws-sdk/client-firehose
    @aws-sdk/client-kinesis  <=1.0.0-rc.8
    Depends on vulnerable versions of @aws-sdk/credential-provider-node
    Depends on vulnerable versions of @aws-sdk/node-config-provider
    node_modules/@aws-sdk/client-kinesis
    @aws-sdk/client-personalize-events  <=1.0.0-rc.8
    Depends on vulnerable versions of @aws-sdk/credential-provider-node
    Depends on vulnerable versions of @aws-sdk/node-config-provider
    node_modules/@aws-sdk/client-personalize-events
    @aws-sdk/client-pinpoint  <=1.0.0-rc.8
    Depends on vulnerable versions of @aws-sdk/credential-provider-node
    Depends on vulnerable versions of @aws-sdk/node-config-provider
    node_modules/@aws-sdk/client-pinpoint

ansi-html  <0.0.8
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ansi-html
  webpack-dev-server  2.0.0-beta - 4.7.2
  Depends on vulnerable versions of ansi-html
  Depends on vulnerable versions of chokidar
  Depends on vulnerable versions of selfsigned
  Depends on vulnerable versions of sockjs
  Depends on vulnerable versions of yargs
  node_modules/webpack-dev-server
    react-scripts  0.1.0 - 5.0.0-next.60
    Depends on vulnerable versions of @svgr/webpack
    Depends on vulnerable versions of babel-jest
    Depends on vulnerable versions of css-loader
    Depends on vulnerable versions of fork-ts-checker-webpack-plugin-alt
    Depends on vulnerable versions of jest
    Depends on vulnerable versions of optimize-css-assets-webpack-plugin
    Depends on vulnerable versions of react-dev-utils
    Depends on vulnerable versions of terser-webpack-plugin
    Depends on vulnerable versions of webpack
    Depends on vulnerable versions of webpack-dev-server
    node_modules/react-scripts

axios  <0.21.2
Severity: high
Incorrect Comparison in axios - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
fix available via `npm audit fix`
node_modules/axios
  @aws-amplify/api-rest  <=2.0.13
  Depends on vulnerable versions of axios
  node_modules/@aws-amplify/api-rest
    @aws-amplify/api  1.0.38-preview.45 - 1.0.38-preview.121 || 1.2.5-unstable.0 - 1.3.1-ui-preview.54 || 3.0.1-preview.0 - 4.0.13
    Depends on vulnerable versions of @aws-amplify/api-graphql
    Depends on vulnerable versions of @aws-amplify/api-rest
    node_modules/@aws-amplify/api
      aws-amplify-react  >=4.1.23-unstable.2
      Depends on vulnerable versions of @aws-amplify/api
      node_modules/aws-amplify-react
    @aws-amplify/api-graphql  <=2.2.2
    Depends on vulnerable versions of @aws-amplify/api-rest
    node_modules/@aws-amplify/api-graphql
  @aws-amplify/storage  3.1.4-unstable.0 - 4.3.8
  Depends on vulnerable versions of axios
  node_modules/@aws-amplify/storage

braces  <=2.3.0
Regular Expression Denial of Service (ReDoS) in braces - https://github.com/advisories/GHSA-cwfw-4gq5-mrqx
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/jest-cli/node_modules/braces
node_modules/jest-config/node_modules/braces
node_modules/jest-message-util/node_modules/braces
node_modules/jest-runner/node_modules/braces
node_modules/jest-runtime/node_modules/braces
node_modules/test-exclude/node_modules/braces
  micromatch  0.2.0 - 2.3.11
  Depends on vulnerable versions of braces
  Depends on vulnerable versions of parse-glob
  node_modules/jest-cli/node_modules/micromatch
  node_modules/jest-config/node_modules/micromatch
  node_modules/jest-message-util/node_modules/micromatch
  node_modules/jest-runner/node_modules/micromatch
  node_modules/jest-runtime/node_modules/micromatch
  node_modules/test-exclude/node_modules/micromatch
    jest-cli  0.10.2 - 24.8.0
    Depends on vulnerable versions of jest-config
    Depends on vulnerable versions of jest-environment-jsdom
    Depends on vulnerable versions of jest-haste-map
    Depends on vulnerable versions of jest-message-util
    Depends on vulnerable versions of jest-resolve-dependencies
    Depends on vulnerable versions of jest-runner
    Depends on vulnerable versions of jest-runtime
    Depends on vulnerable versions of jest-snapshot
    Depends on vulnerable versions of jest-util
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of node-notifier
    Depends on vulnerable versions of yargs
    node_modules/jest-cli
      jest  13.3.0-alpha.4eb0c908 - 23.6.0
      Depends on vulnerable versions of jest-cli
      node_modules/jest
    jest-config  12.1.1-alpha.2935e14d - 25.5.4
    Depends on vulnerable versions of babel-jest
    Depends on vulnerable versions of jest-environment-jsdom
    Depends on vulnerable versions of jest-environment-node
    Depends on vulnerable versions of jest-jasmine2
    Depends on vulnerable versions of jest-util
    Depends on vulnerable versions of micromatch
    node_modules/jest-config
      jest-runner  21.0.0-alpha.1 - 22.4.4 || 23.4.0 - 23.6.0
      Depends on vulnerable versions of jest-config
      Depends on vulnerable versions of jest-haste-map
      Depends on vulnerable versions of jest-jasmine2
      Depends on vulnerable versions of jest-message-util
      Depends on vulnerable versions of jest-runtime
      Depends on vulnerable versions of jest-util
      node_modules/jest-runner
      jest-runtime  14.1.0 - 24.8.0
      Depends on vulnerable versions of babel-plugin-istanbul
      Depends on vulnerable versions of jest-config
      Depends on vulnerable versions of jest-haste-map
      Depends on vulnerable versions of jest-message-util
      Depends on vulnerable versions of jest-snapshot
      Depends on vulnerable versions of jest-util
      Depends on vulnerable versions of micromatch
      Depends on vulnerable versions of yargs
      node_modules/jest-runtime
    jest-haste-map  16.1.0-alpha.691b0e22 - 24.0.0
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of sane
    node_modules/jest-cli/node_modules/jest-haste-map
    node_modules/jest-runner/node_modules/jest-haste-map
    node_modules/jest-runtime/node_modules/jest-haste-map
    jest-message-util  18.5.0-alpha.7da3df39 - 23.1.0 || 23.4.0 - 24.0.0-alpha.16
    Depends on vulnerable versions of micromatch
    node_modules/jest-message-util
      expect  21.0.0-beta.1 - 22.4.3 || 23.4.0 - 23.6.0
      Depends on vulnerable versions of jest-message-util
      node_modules/expect
        jest-jasmine2  18.5.0-alpha.7da3df39 - 22.4.4 || 23.4.0 - 23.6.0
        Depends on vulnerable versions of expect
        Depends on vulnerable versions of jest-message-util
        Depends on vulnerable versions of jest-snapshot
        Depends on vulnerable versions of jest-util
        node_modules/jest-jasmine2
      jest-snapshot  23.4.0 - 23.6.0
      Depends on vulnerable versions of jest-message-util
      node_modules/jest-snapshot
        jest-resolve-dependencies  23.4.0 - 23.6.0
        Depends on vulnerable versions of jest-snapshot
        node_modules/jest-resolve-dependencies
      jest-util  18.5.0-alpha.7da3df39 - 22.4.3 || 23.4.0
      Depends on vulnerable versions of jest-message-util
      node_modules/jest-cli/node_modules/jest-util
      node_modules/jest-config/node_modules/jest-util
      node_modules/jest-environment-jsdom/node_modules/jest-util
      node_modules/jest-environment-node/node_modules/jest-util
      node_modules/jest-jasmine2/node_modules/jest-util
      node_modules/jest-runner/node_modules/jest-util
      node_modules/jest-runtime/node_modules/jest-util
        jest-environment-jsdom  10.0.2 - 25.5.0
        Depends on vulnerable versions of jest-util
        Depends on vulnerable versions of jsdom
        node_modules/jest-environment-jsdom
        jest-environment-node  18.5.0-alpha.7da3df39 - 22.4.3 || 23.4.0
        Depends on vulnerable versions of jest-util
        node_modules/jest-environment-node
    test-exclude  <=4.2.3
    Depends on vulnerable versions of micromatch
    node_modules/test-exclude
      babel-plugin-istanbul  <=5.0.0
      Depends on vulnerable versions of test-exclude
      node_modules/babel-plugin-istanbul
        babel-jest  14.2.0-alpha.ca8bfb6e - 24.0.0-alpha.16
        Depends on vulnerable versions of babel-plugin-istanbul
        node_modules/babel-jest

browserslist  4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/react-dev-utils/node_modules/browserslist
  react-dev-utils  0.4.0 - 12.0.0-next.60
  Depends on vulnerable versions of browserslist
  Depends on vulnerable versions of globby
  Depends on vulnerable versions of immer
  Depends on vulnerable versions of shell-quote
  node_modules/react-dev-utils

chownr  <1.1.0
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr - https://github.com/advisories/GHSA-c6rq-rjc2-86v2
fix available via `npm audit fix`
node_modules/react-scripts/node_modules/fsevents/node_modules/chownr

glob-parent  <5.1.2
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/glob-base/node_modules/glob-parent
node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/chokidar
    fork-ts-checker-webpack-plugin-alt  *
    Depends on vulnerable versions of chokidar
    node_modules/fork-ts-checker-webpack-plugin-alt
    watchpack-chokidar2  *
    Depends on vulnerable versions of chokidar
    node_modules/watchpack-chokidar2
      watchpack  1.7.2 - 1.7.5
      Depends on vulnerable versions of watchpack-chokidar2
      node_modules/watchpack
  fast-glob  <=2.2.7
  Depends on vulnerable versions of glob-parent
  node_modules/fast-glob
    globby  8.0.0 - 9.2.0
    Depends on vulnerable versions of fast-glob
    node_modules/globby
  glob-base  *
  Depends on vulnerable versions of glob-parent
  node_modules/glob-base
    parse-glob  >=2.1.0
    Depends on vulnerable versions of glob-base
    node_modules/parse-glob

hermes-engine  <=0.9.0
Severity: critical
Access of Resource Using Incompatible Type in Hermes - https://github.com/advisories/GHSA-7mhc-prgv-r3q4
fix available via `npm audit fix`
node_modules/hermes-engine
  react-native  <=0.0.0-ffdfbbec0 || 0.61.0-rc.0 - 0.68.2
  Depends on vulnerable versions of @react-native-community/cli
  Depends on vulnerable versions of @react-native-community/cli-platform-android
  Depends on vulnerable versions of @react-native-community/cli-platform-ios
  Depends on vulnerable versions of hermes-engine
  node_modules/react-native

immer  <=9.0.5
Severity: critical
Prototype Pollution in immer - https://github.com/advisories/GHSA-c36v-fmgq-m8hx
Prototype Pollution in immer - https://github.com/advisories/GHSA-33f9-j839-rf8h
Prototype Pollution in immer - https://github.com/advisories/GHSA-9qmh-276g-x5pj
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/react-dev-utils/node_modules/immer

ini  <1.3.6
Severity: high
Prototype Pollution - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix`
node_modules/react-scripts/node_modules/fsevents/node_modules/ini

jsdom  <=16.4.0
Severity: moderate
Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/jest-environment-jsdom/node_modules/jsdom

merge  <2.1.1
Severity: high
Prototype Pollution in merge - https://github.com/advisories/GHSA-7wpw-2hjm-89gp
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/merge
  exec-sh  <=0.3.1
  Depends on vulnerable versions of merge
  node_modules/jest-cli/node_modules/exec-sh
  node_modules/jest-runner/node_modules/exec-sh
  node_modules/jest-runtime/node_modules/exec-sh
  node_modules/watch/node_modules/exec-sh
    sane  1.0.4 - 4.0.2
    Depends on vulnerable versions of exec-sh
    Depends on vulnerable versions of watch
    node_modules/jest-cli/node_modules/sane
    node_modules/jest-runner/node_modules/sane
    node_modules/jest-runtime/node_modules/sane
    watch  >=0.14.0
    Depends on vulnerable versions of exec-sh
    node_modules/watch

minimist  <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix`
node_modules/react-scripts/node_modules/fsevents/node_modules/minimist
node_modules/react-scripts/node_modules/fsevents/node_modules/rc/node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/react-scripts/node_modules/fsevents/node_modules/mkdirp

node-forge  <=1.2.1
Severity: high
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/node-forge
  selfsigned  1.1.1 - 1.10.14
  Depends on vulnerable versions of node-forge
  node_modules/selfsigned

node-notifier  <8.0.1
Severity: moderate
OS Command Injection in node-notifier - https://github.com/advisories/GHSA-5fw9-fq32-wv5p
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/node-notifier

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/core  <=3.1.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/core
        @svgr/webpack  <=3.1.0
        Depends on vulnerable versions of @svgr/core
        node_modules/@svgr/webpack
      postcss-svgo  4.0.0-nightly.2020.1.9 - 5.0.0-rc.2
      Depends on vulnerable versions of svgo
      node_modules/postcss-svgo
        cssnano-preset-default  <=4.0.8
        Depends on vulnerable versions of postcss-svgo
        node_modules/cssnano-preset-default
          cssnano  4.0.0-nightly.2020.1.9 - 4.1.11
          Depends on vulnerable versions of cssnano-preset-default
          node_modules/cssnano
            optimize-css-assets-webpack-plugin  3.2.1 || 5.0.0 - 5.0.8
            Depends on vulnerable versions of cssnano
            node_modules/optimize-css-assets-webpack-plugin

postcss  <7.0.36
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/postcss
  css-loader  0.15.0 - 1.0.1
  Depends on vulnerable versions of icss-utils
  Depends on vulnerable versions of postcss
  Depends on vulnerable versions of postcss-modules-extract-imports
  Depends on vulnerable versions of postcss-modules-local-by-default
  Depends on vulnerable versions of postcss-modules-scope
  Depends on vulnerable versions of postcss-modules-values
  node_modules/css-loader
  icss-utils  <=3.0.1
  Depends on vulnerable versions of postcss
  node_modules/icss-utils
  postcss-modules-extract-imports  <=1.2.1
  Depends on vulnerable versions of postcss
  node_modules/postcss-modules-extract-imports
  postcss-modules-local-by-default  <=1.2.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-modules-local-by-default
  postcss-modules-scope  <=1.1.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-modules-scope
  postcss-modules-values  <=1.3.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-modules-values


serialize-javascript  <=3.0.0
Severity: high
Insecure serialization leading to RCE in serialize-javascript - https://github.com/advisories/GHSA-hxcc-f52p-wc94
Cross-Site Scripting in serialize-javascript - https://github.com/advisories/GHSA-h9rv-jmmf-4pgx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/serialize-javascript
  terser-webpack-plugin  <=1.4.1
  Depends on vulnerable versions of serialize-javascript
  node_modules/terser-webpack-plugin
  uglifyjs-webpack-plugin  >=1.1.3
  Depends on vulnerable versions of cacache
  Depends on vulnerable versions of serialize-javascript
  node_modules/uglifyjs-webpack-plugin
    webpack  4.3.0 - 4.25.1
    Depends on vulnerable versions of uglifyjs-webpack-plugin
    node_modules/webpack

shell-quote  <=1.7.2
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/shell-quote
  @react-native-community/cli-tools  4.8.0 - 5.0.0-alpha.0 || 5.0.1-alpha.0 - 6.2.0
  Depends on vulnerable versions of shell-quote
  node_modules/@react-native-community/cli-tools
    @react-native-community/cli  4.8.0 - 7.0.3
    Depends on vulnerable versions of @react-native-community/cli-hermes
    Depends on vulnerable versions of @react-native-community/cli-plugin-metro
    Depends on vulnerable versions of @react-native-community/cli-server-api
    Depends on vulnerable versions of @react-native-community/cli-tools
    node_modules/@react-native-community/cli
    @react-native-community/cli-hermes  <=6.3.0
    Depends on vulnerable versions of @react-native-community/cli-platform-android
    Depends on vulnerable versions of @react-native-community/cli-tools
    node_modules/@react-native-community/cli-hermes
    @react-native-community/cli-platform-android  4.8.0 - 6.3.0
    Depends on vulnerable versions of @react-native-community/cli-tools
    node_modules/@react-native-community/cli-platform-android
    @react-native-community/cli-platform-ios  4.8.0 - 6.2.0
    Depends on vulnerable versions of @react-native-community/cli-tools
    node_modules/@react-native-community/cli-platform-ios
    @react-native-community/cli-plugin-metro  <=7.0.3
    Depends on vulnerable versions of @react-native-community/cli-server-api
    Depends on vulnerable versions of @react-native-community/cli-tools
    node_modules/@react-native-community/cli-plugin-metro
    @react-native-community/cli-server-api  <=7.0.3
    Depends on vulnerable versions of @react-native-community/cli-tools
    node_modules/@react-native-community/cli-server-api

sockjs  <0.3.20
Severity: moderate
Improper Input Validation in SocksJS-Node - https://github.com/advisories/GHSA-c9g6-9335-x697
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/sockjs

ssri  5.2.2 - 6.0.1
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/uglifyjs-webpack-plugin/node_modules/ssri
  cacache  10.0.4 - 11.0.0
  Depends on vulnerable versions of ssri
  node_modules/uglifyjs-webpack-plugin/node_modules/cacache

tar  <=4.4.17
Severity: high
Arbitrary File Overwrite in tar - https://github.com/advisories/GHSA-j44m-qm6p-hp7m
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-qq89-hq3f-393p
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix`
node_modules/react-scripts/node_modules/fsevents/node_modules/tar

yargs-parser  6.0.0 - 13.1.1
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/jest-cli/node_modules/yargs-parser
node_modules/jest-runtime/node_modules/yargs-parser
node_modules/webpack-dev-server/node_modules/yargs-parser
  yargs  8.0.0-candidate.0 - 12.0.5
  Depends on vulnerable versions of yargs-parser
  node_modules/jest-cli/node_modules/yargs
  node_modules/jest-runtime/node_modules/yargs
  node_modules/webpack-dev-server/node_modules/yargs

102 vulnerabilities (13 low, 21 moderate, 55 high, 13 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

@alexhafner

In my case, it turned out that Volta managed amplify. The plugin scan for amplify plugins does not pick that up. Instead, I had to run amplify plugin add and supply the full path to the plugin, i.e. /Users/xyz/.volta/tools/image/packages/amplify-category-video/lib/node_modules/amplify-category-video

In ~/.amplify/plugins.json, that added

  "userAddedLocations": [
    "/Users/xyz/.volta/tools/image/packages/amplify-category-video/lib/node_modules/amplify-category-video"
  ],

and the relevant entry for the video plugin
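
Added example, not part of the original thread and not the Amplify CLI's own code: each path in `userAddedLocations` is a directory the CLI has been told to treat as a plugin, so those entries are worth reviewing after a manual `amplify plugin add`. The script reads a `plugins.json` and flags entries that are relative, missing, group- or world-writable, or lack an `amplify-plugin.json` manifest; the function names, the constructed fixture and the choice of checks are assumptions of this example.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Inspect one directory listed under userAddedLocations.
function checkLocation(location) {
  const issues = [];
  let manifest = null;
  let stat = null;
  if (!path.isAbsolute(location)) issues.push('not an absolute path');
  try {
    stat = fs.statSync(location);
  } catch (err) {
    issues.push('path does not exist');
  }
  if (stat && !stat.isDirectory()) issues.push('not a directory');
  if (stat && stat.isDirectory()) {
    // Other local users could swap the plugin code if they can write here.
    if (process.platform !== 'win32' && (stat.mode & 0o022) !== 0) {
      issues.push('directory is group- or world-writable');
    }
    try {
      const raw = fs.readFileSync(path.join(location, 'amplify-plugin.json'), 'utf8');
      manifest = JSON.parse(raw);
      if (typeof manifest.name !== 'string') issues.push('manifest has no name');
    } catch (err) {
      issues.push('missing or unreadable amplify-plugin.json');
    }
  }
  return { location, name: (manifest && manifest.name) || null, issues };
}

// Audit every user-added plugin location recorded in a plugins.json file.
function auditUserAddedLocations(pluginsJsonPath) {
  const config = JSON.parse(fs.readFileSync(pluginsJsonPath, 'utf8'));
  const locations = Array.isArray(config.userAddedLocations)
    ? config.userAddedLocations
    : [];
  return locations.map(checkLocation);
}

// Constructed fixture: a throwaway plugins.json with one sound entry and
// three problematic ones. None of these paths come from the thread.
function buildFixture() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'amplify-audit-'));
  const good = path.join(root, 'sample-video-plugin');
  const loose = path.join(root, 'loose-plugin');
  for (const dir of [good, loose]) {
    fs.mkdirSync(dir);
    fs.writeFileSync(
      path.join(dir, 'amplify-plugin.json'),
      JSON.stringify({ name: path.basename(dir), type: 'category' })
    );
  }
  fs.chmodSync(good, 0o755);
  fs.chmodSync(loose, 0o777);
  const file = path.join(root, 'plugins.json');
  fs.writeFileSync(file, JSON.stringify({
    userAddedLocations: [good, loose, path.join(root, 'missing'), 'relative/plugin'],
  }));
  return file;
}

// Pass a real plugins.json path as the first argument; with no argument the
// constructed fixture is audited instead.
const target = process.argv[2] || buildFixture();
for (const result of auditUserAddedLocations(target)) {
  const verdict = result.issues.length ? result.issues.join('; ') : 'ok';
  console.log(`${result.location}: ${verdict}`);
}
```

To review the file from the comment above, run the script with `~/.amplify/plugins.json` (expanded by the shell) as its argument.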
