{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "alloy": {
      "name": "alloy",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "xmldom"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/alloy"
      ],
      "fixAvailable": false
    },
    "ansi-regex": {
      "name": "ansi-regex",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1002401,
          "name": "ansi-regex",
          "dependency": "ansi-regex",
          "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex",
          "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw",
          "severity": "moderate",
          "range": ">2.1.1 <5.0.1"
        }
      ],
      "effects": [
        "strip-ansi"
      ],
      "range": ">2.1.1 <5.0.1",
      "nodes": [
        "node_modules/ansi-regex",
        "node_modules/cliui/node_modules/ansi-regex",
        "node_modules/eslint/node_modules/ansi-regex",
        "node_modules/inquirer/node_modules/ansi-regex",
        "node_modules/table/node_modules/ansi-regex",
        "node_modules/wide-align/node_modules/ansi-regex",
        "node_modules/wrap-ansi/node_modules/ansi-regex",
        "node_modules/yargs/node_modules/ansi-regex"
      ],
      "fixAvailable": {
        "name": "eslint",
        "version": "8.0.1",
        "isSemVerMajor": true
      }
    },
    "appc-cli-mocha": {
      "name": "appc-cli-mocha",
      "severity": "high",
      "isDirect": true,
      "via": [
        "appc-platform-sdk"
      ],
      "effects": [],
      "range": ">=0.0.6",
      "nodes": [
        "node_modules/appc-cli-mocha"
      ],
      "fixAvailable": {
        "name": "appc-cli-mocha",
        "version": "0.0.5",
        "isSemVerMajor": true
      }
    },
    "appc-platform-sdk": {
      "name": "appc-platform-sdk",
      "severity": "high",
      "isDirect": true,
      "via": [
        "pac-proxy-agent"
      ],
      "effects": [
        "appc-cli-mocha"
      ],
      "range": ">=2.3.1",
      "nodes": [
        "node_modules/appc-platform-sdk"
      ],
      "fixAvailable": {
        "name": "appc-platform-sdk",
        "version": "2.3.0",
        "isSemVerMajor": true
      }
    },
    "cliui": {
      "name": "cliui",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "strip-ansi",
        "wrap-ansi"
      ],
      "effects": [
        "yargs"
      ],
      "range": "4.0.0 - 5.0.0",
      "nodes": [
        "node_modules/cliui"
      ],
      "fixAvailable": {
        "name": "nyc",
        "version": "15.1.0",
        "isSemVerMajor": true
      }
    },
    "eslint": {
      "name": "eslint",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "strip-ansi",
        "table"
      ],
      "effects": [],
      "range": "4.5.0 - 7.15.0",
      "nodes": [
        "node_modules/eslint"
      ],
      "fixAvailable": {
        "name": "eslint",
        "version": "8.0.1",
        "isSemVerMajor": true
      }
    },
    "glob-parent": {
      "name": "glob-parent",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1002627,
          "name": "glob-parent",
          "dependency": "glob-parent",
          "title": "Regular expression denial of service",
          "url": "https://github.com/advisories/GHSA-ww39-953v-wcq6",
          "severity": "high",
          "range": "<5.1.2"
        }
      ],
      "effects": [],
      "range": "<5.1.2",
      "nodes": [
        "node_modules/glob-parent"
      ],
      "fixAvailable": true
    },
    "hosted-git-info": {
      "name": "hosted-git-info",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1002692,
          "name": "hosted-git-info",
          "dependency": "hosted-git-info",
          "title": "Regular Expression Denial of Service in hosted-git-info",
          "url": "https://github.com/advisories/GHSA-43f8-2h32-f4cj",
          "severity": "moderate",
          "range": "<2.8.9"
        }
      ],
      "effects": [],
      "range": "<2.8.9",
      "nodes": [
        "node_modules/hosted-git-info"
      ],
      "fixAvailable": true
    },
    "ini": {
      "name": "ini",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1003007,
          "name": "ini",
          "dependency": "ini",
          "title": "Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-qqgx-2p2h-9c37",
          "severity": "high",
          "range": "<1.3.6"
        }
      ],
      "effects": [],
      "range": "<1.3.6",
      "nodes": [
        "node_modules/ini"
      ],
      "fixAvailable": true
    },
    "inquirer": {
      "name": "inquirer",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "strip-ansi"
      ],
      "effects": [],
      "range": "3.2.0 - 7.0.4",
      "nodes": [
        "node_modules/inquirer"
      ],
      "fixAvailable": true
    },
    "lodash": {
      "name": "lodash",
      "severity": "high",
      "isDirect": true,
      "via": [
        {
          "source": 1002847,
          "name": "lodash",
          "dependency": "lodash",
          "title": "Command Injection in lodash",
          "url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
          "severity": "high",
          "range": "<4.17.21"
        }
      ],
      "effects": [],
      "range": "<4.17.21",
      "nodes": [
        "node_modules/lodash"
      ],
      "fixAvailable": true
    },
    "minimist": {
      "name": "minimist",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1004153,
          "name": "minimist",
          "dependency": "minimist",
          "title": "Prototype Pollution in minimist",
          "url": "https://github.com/advisories/GHSA-vh95-rmgr-6w4m",
          "severity": "moderate",
          "range": "<0.2.1"
        }
      ],
      "effects": [
        "mkdirp",
        "optimist"
      ],
      "range": "<0.2.1",
      "nodes": [
        "node_modules/minimist"
      ],
      "fixAvailable": {
        "name": "titanium",
        "version": "0.0.26",
        "isSemVerMajor": true
      }
    },
    "mkdirp": {
      "name": "mkdirp",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "minimist"
      ],
      "effects": [
        "mocha"
      ],
      "range": "0.4.1 - 0.5.1",
      "nodes": [
        "node_modules/mocha/node_modules/mkdirp"
      ],
      "fixAvailable": true
    },
    "mocha": {
      "name": "mocha",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "mkdirp",
        "yargs",
        "yargs-parser",
        "yargs-unparser"
      ],
      "effects": [],
      "range": "1.21.5 - 8.2.1",
      "nodes": [
        "node_modules/mocha"
      ],
      "fixAvailable": true
    },
    "netmask": {
      "name": "netmask",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1002813,
          "name": "netmask",
          "dependency": "netmask",
          "title": "Improper parsing of octal bytes",
          "url": "https://github.com/advisories/GHSA-4c7m-wxvm-r7gc",
          "severity": "critical",
          "range": "<1.1.0"
        },
        {
          "source": 1002874,
          "name": "netmask",
          "dependency": "netmask",
          "title": "netmask npm package vulnerable to octal input data",
          "url": "https://github.com/advisories/GHSA-pch5-whg9-qr2r",
          "severity": "moderate",
          "range": "<2.0.1"
        }
      ],
      "effects": [
        "pac-resolver"
      ],
      "range": "<=2.0.0",
      "nodes": [
        "node_modules/netmask"
      ],
      "fixAvailable": {
        "name": "pac-proxy-agent",
        "version": "5.0.0",
        "isSemVerMajor": true
      }
    },
    "node-appc": {
      "name": "node-appc",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "optimist",
        "xmldom"
      ],
      "effects": [
        "titanium"
      ],
      "range": "<=1.1.2",
      "nodes": [
        "node_modules/node-appc",
        "node_modules/titanium/node_modules/node-appc"
      ],
      "fixAvailable": {
        "name": "titanium",
        "version": "0.0.26",
        "isSemVerMajor": true
      }
    },
    "node-forge": {
      "name": "node-forge",
      "severity": "high",
      "isDirect": true,
      "via": [
        {
          "source": 1003051,
          "name": "node-forge",
          "dependency": "node-forge",
          "title": "Prototype Pollution in node-forge",
          "url": "https://github.com/advisories/GHSA-92xj-mqp7-vmcj",
          "severity": "high",
          "range": "<0.10.0"
        }
      ],
      "effects": [],
      "range": "<0.10.0",
      "nodes": [
        "node_modules/node-forge"
      ],
      "fixAvailable": {
        "name": "node-forge",
        "version": "0.10.0",
        "isSemVerMajor": true
      }
    },
    "nomnom": {
      "name": "nomnom",
      "severity": "high",
      "isDirect": false,
      "via": [
        "underscore"
      ],
      "effects": [],
      "range": ">=1.6.0",
      "nodes": [
        "node_modules/nomnom"
      ],
      "fixAvailable": true
    },
    "nyc": {
      "name": "nyc",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "yargs"
      ],
      "effects": [],
      "range": "14.0.0-alpha.0 - 15.0.0-beta.3",
      "nodes": [
        "node_modules/nyc"
      ],
      "fixAvailable": {
        "name": "nyc",
        "version": "15.1.0",
        "isSemVerMajor": true
      }
    },
    "optimist": {
      "name": "optimist",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "minimist"
      ],
      "effects": [
        "node-appc"
      ],
      "range": ">=0.6.0",
      "nodes": [
        "node_modules/optimist"
      ],
      "fixAvailable": {
        "name": "titanium",
        "version": "0.0.26",
        "isSemVerMajor": true
      }
    },
    "pac-proxy-agent": {
      "name": "pac-proxy-agent",
      "severity": "high",
      "isDirect": true,
      "via": [
        "pac-resolver"
      ],
      "effects": [
        "appc-platform-sdk"
      ],
      "range": "<=4.1.0",
      "nodes": [
        "node_modules/appc-platform-sdk/node_modules/pac-proxy-agent",
        "node_modules/pac-proxy-agent"
      ],
      "fixAvailable": {
        "name": "pac-proxy-agent",
        "version": "5.0.0",
        "isSemVerMajor": true
      }
    },
    "pac-resolver": {
      "name": "pac-resolver",
      "severity": "critical",
      "isDirect": false,
      "via": [
        {
          "source": 1002525,
          "name": "pac-resolver",
          "dependency": "pac-resolver",
          "title": "Code Injection in pac-resolver",
          "url": "https://github.com/advisories/GHSA-9j49-mfvp-vmhm",
          "severity": "high",
          "range": "<5.0.0"
        },
        "netmask"
      ],
      "effects": [
        "pac-proxy-agent"
      ],
      "range": "<=4.2.0",
      "nodes": [
        "node_modules/pac-resolver"
      ],
      "fixAvailable": {
        "name": "pac-proxy-agent",
        "version": "5.0.0",
        "isSemVerMajor": true
      }
    },
    "path-parse": {
      "name": "path-parse",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1002536,
          "name": "path-parse",
          "dependency": "path-parse",
          "title": "Regular Expression Denial of Service in path-parse",
          "url": "https://github.com/advisories/GHSA-hj48-42vr-x3v9",
          "severity": "moderate",
          "range": "<1.0.7"
        }
      ],
      "effects": [],
      "range": "<1.0.7",
      "nodes": [
        "node_modules/path-parse"
      ],
      "fixAvailable": true
    },
    "string-width": {
      "name": "string-width",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "strip-ansi"
      ],
      "effects": [
        "table",
        "wrap-ansi",
        "yargs"
      ],
      "range": "2.1.0 - 4.1.0",
      "nodes": [
        "node_modules/cliui/node_modules/string-width",
        "node_modules/table/node_modules/string-width",
        "node_modules/wide-align/node_modules/string-width",
        "node_modules/wrap-ansi/node_modules/string-width",
        "node_modules/yargs/node_modules/string-width"
      ],
      "fixAvailable": {
        "name": "eslint",
        "version": "8.0.1",
        "isSemVerMajor": true
      }
    },
    "strip-ansi": {
      "name": "strip-ansi",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "ansi-regex"
      ],
      "effects": [
        "cliui",
        "eslint",
        "inquirer",
        "string-width",
        "wrap-ansi"
      ],
      "range": "4.0.0 - 5.2.0",
      "nodes": [
        "node_modules/cliui/node_modules/strip-ansi",
        "node_modules/eslint/node_modules/strip-ansi",
        "node_modules/inquirer/node_modules/strip-ansi",
        "node_modules/table/node_modules/strip-ansi",
        "node_modules/wide-align/node_modules/strip-ansi",
        "node_modules/wrap-ansi/node_modules/strip-ansi",
        "node_modules/yargs/node_modules/strip-ansi"
      ],
      "fixAvailable": {
        "name": "eslint",
        "version": "8.0.1",
        "isSemVerMajor": true
      }
    },
    "table": {
      "name": "table",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "string-width"
      ],
      "effects": [
        "eslint"
      ],
      "range": "4.0.2 - 5.4.6",
      "nodes": [
        "node_modules/table"
      ],
      "fixAvailable": {
        "name": "eslint",
        "version": "8.0.1",
        "isSemVerMajor": true
      }
    },
    "tar": {
      "name": "tar",
      "severity": "high",
      "isDirect": true,
      "via": [
        {
          "source": 1002502,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization",
          "url": "https://github.com/advisories/GHSA-5955-9wpr-37jh",
          "severity": "high",
          "range": ">=5.0.0 <5.0.10"
        },
        {
          "source": 1002508,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links",
          "url": "https://github.com/advisories/GHSA-9r2w-394v-53qc",
          "severity": "high",
          "range": ">=5.0.0 <5.0.8"
        },
        {
          "source": 1002540,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization",
          "url": "https://github.com/advisories/GHSA-3jfq-g458-7qm9",
          "severity": "high",
          "range": ">=5.0.0 <5.0.6"
        },
        {
          "source": 1002544,
          "name": "tar",
          "dependency": "tar",
          "title": "Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning",
          "url": "https://github.com/advisories/GHSA-r628-mhmh-qjhw",
          "severity": "high",
          "range": ">=5.0.0 <5.0.7"
        }
      ],
      "effects": [],
      "range": "5.0.0 - 5.0.9",
      "nodes": [
        "node_modules/tar"
      ],
      "fixAvailable": true
    },
    "tiapp.xml": {
      "name": "tiapp.xml",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "xmldom"
      ],
      "effects": [],
      "range": "*",
      "nodes": [
        "node_modules/tiapp.xml"
      ],
      "fixAvailable": false
    },
    "titanium": {
      "name": "titanium",
      "severity": "moderate",
      "isDirect": true,
      "via": [
        "node-appc"
      ],
      "effects": [],
      "range": "3.0.0 - 5.3.2",
      "nodes": [
        "node_modules/titanium"
      ],
      "fixAvailable": {
        "name": "titanium",
        "version": "0.0.26",
        "isSemVerMajor": true
      }
    },
    "underscore": {
      "name": "underscore",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1002849,
          "name": "underscore",
          "dependency": "underscore",
          "title": "Arbitrary Code Execution in underscore",
          "url": "https://github.com/advisories/GHSA-cf4h-3jhx-xvhq",
          "severity": "high",
          "range": ">=1.3.2 <1.12.1"
        }
      ],
      "effects": [
        "nomnom"
      ],
      "range": "1.3.2 - 1.12.0",
      "nodes": [
        "node_modules/underscore"
      ],
      "fixAvailable": true
    },
    "wrap-ansi": {
      "name": "wrap-ansi",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "string-width",
        "strip-ansi"
      ],
      "effects": [
        "cliui"
      ],
      "range": "3.0.0 - 6.1.0",
      "nodes": [
        "node_modules/wrap-ansi"
      ],
      "fixAvailable": {
        "name": "nyc",
        "version": "15.1.0",
        "isSemVerMajor": true
      }
    },
    "xmldom": {
      "name": "xmldom",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1002531,
          "name": "xmldom",
          "dependency": "xmldom",
          "title": "Misinterpretation of malicious XML input",
          "url": "https://github.com/advisories/GHSA-5fg8-2547-mr8q",
          "severity": "moderate",
          "range": "<=0.6.0"
        },
        {
          "source": 1002923,
          "name": "xmldom",
          "dependency": "xmldom",
          "title": "Misinterpretation of malicious XML input",
          "url": "https://github.com/advisories/GHSA-h6q6-9hqw-rwfv",
          "severity": "low",
          "range": "<0.5.0"
        }
      ],
      "effects": [
        "alloy",
        "node-appc",
        "tiapp.xml"
      ],
      "range": "*",
      "nodes": [
        "node_modules/alloy/node_modules/xmldom",
        "node_modules/node-appc/node_modules/xmldom",
        "node_modules/titanium/node_modules/xmldom",
        "node_modules/xmldom"
      ],
      "fixAvailable": {
        "name": "titanium",
        "version": "0.0.26",
        "isSemVerMajor": true
      }
    },
    "y18n": {
      "name": "y18n",
      "severity": "high",
      "isDirect": false,
      "via": [
        {
          "source": 1002915,
          "name": "y18n",
          "dependency": "y18n",
          "title": "Prototype Pollution",
          "url": "https://github.com/advisories/GHSA-c4w7-xm78-47vh",
          "severity": "high",
          "range": "=4.0.0"
        }
      ],
      "effects": [],
      "range": "4.0.0",
      "nodes": [
        "node_modules/y18n"
      ],
      "fixAvailable": true
    },
    "yargs": {
      "name": "yargs",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "cliui",
        "string-width"
      ],
      "effects": [
        "mocha",
        "nyc",
        "yargs-unparser"
      ],
      "range": "10.1.0 - 15.0.0",
      "nodes": [
        "node_modules/yargs"
      ],
      "fixAvailable": {
        "name": "nyc",
        "version": "15.1.0",
        "isSemVerMajor": true
      }
    },
    "yargs-parser": {
      "name": "yargs-parser",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        {
          "source": 1003019,
          "name": "yargs-parser",
          "dependency": "yargs-parser",
          "title": "Prototype Pollution in yargs-parser",
          "url": "https://github.com/advisories/GHSA-p9pc-299p-vxgp",
          "severity": "moderate",
          "range": ">=6.0.0 <13.1.2"
        }
      ],
      "effects": [
        "mocha"
      ],
      "range": "6.0.0 - 13.1.1",
      "nodes": [
        "node_modules/mocha/node_modules/yargs-parser"
      ],
      "fixAvailable": true
    },
    "yargs-unparser": {
      "name": "yargs-unparser",
      "severity": "moderate",
      "isDirect": false,
      "via": [
        "yargs"
      ],
      "effects": [
        "mocha"
      ],
      "range": "1.5.1 - 1.6.4",
      "nodes": [
        "node_modules/yargs-unparser"
      ],
      "fixAvailable": true
    }
  },
  "metadata": {
    "vulnerabilities": {
      "info": 0,
      "low": 0,
      "moderate": 23,
      "high": 11,
      "critical": 2,
      "total": 36
    },
    "dependencies": {
      "prod": 376,
      "dev": 363,
      "optional": 2,
      "peer": 0,
      "peerOptional": 0,
      "total": 740
    }
  }
}
