Cli-table2 is a versatile npm package designed for generating visually appealing Unicode tables directly within command-line interfaces. Both versions, 0.1.6 and 0.1.7, offer developers a way to present data in a structured and easily readable format, enhancing the user experience of command-line tools. Key features include customizable table styles, column widths, and text alignment, making it suitable for diverse data representation needs.
The primary distinction between versions 0.1.6 and 0.1.7 lies in the introduction of optionalDependencies within the latter. Specifically, version 0.1.7 declares "colors":"1.0.3" as optional, whereas version 0.1.6 only lists "colors":"1.0.3" as a direct dependency. This change suggests that version 0.1.7 allows the colors package to be optionally installed. This is a benefit for developers who may not need color support or prefer to handle terminal coloring in a different way, providing greater flexibility in managing dependencies. Both versions rely on lodash for utility functions and include a suite of devDependencies for testing and development, ensuring code quality and maintainability. Developers leveraging cli-table2 can enhance command-line tools with clean, formatted tabular output, improving data presentation and user engagement. The MIT license promotes open-source usage and contribution.
All the vulnerabilities related to the version 0.1.7 of the package
Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Prototype Pollution in lodash
Versions of lodash before 4.17.11 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith', which allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}}, causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.17.11 or later.
Prototype Pollution in lodash
Versions of lodash before 4.17.5 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith', which allow a malicious user to modify the prototype of Object via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.17.5 or later.
Prototype Pollution in lodash
Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}}, causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.17.12 or later.
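The two vectors named in the prototype pollution advisories above (__proto__ and constructor.prototype) can be refused at the point where untrusted data is merged into an options object. The following is an added example, not lodash or cli-table2 code; safeMerge, BLOCKED_KEYS, demo and the sample input are hypothetical names and constructed data.

```javascript
// Added example (not lodash code): a deep merge that refuses the keys
// through which the advisories say Object's prototype is reached.
// Note: this also refuses legitimate data keys that happen to use these names.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  if (v === null || typeof v !== 'object') return false;
  const proto = Object.getPrototypeOf(v);
  return proto === Object.prototype || proto === null;
}

// Merges `source` into `target` and returns the key paths that were refused.
function safeMerge(target, source, rejected = [], path = '') {
  for (const key of Object.keys(source)) {
    const here = path ? `${path}.${key}` : key;
    if (BLOCKED_KEYS.has(key)) {
      rejected.push(here); // keep a record so the caller can log or alert
      continue;
    }
    const value = source[key];
    if (isPlainObject(value)) {
      // Only descend into the target's OWN plain objects, never inherited ones.
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], value, rejected, here);
    } else {
      target[key] = value;
    }
  }
  return rejected;
}

// Constructed input carrying both vectors named in the advisories.
// JSON.parse is used because it creates "__proto__" as an own property.
const untrusted = JSON.parse(
  '{"style": {"head": ["cyan"]},' +
  ' "__proto__": {"polluted": true},' +
  ' "nested": {"constructor": {"prototype": {"polluted": true}}}}'
);

function demo() {
  const options = { style: { border: ['grey'] } };
  const rejected = safeMerge(options, untrusted);
  return { options, rejected, polluted: ({}).polluted };
}

console.log(demo());
```

The returned list of refused paths is worth logging: a non-empty list on user-supplied input is a useful detection signal in its own right.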