soup
New Member

PCF: 2 moderate severity vulnerabilities reported by NPM Audit

Has anyone encountered this issue? When I try to build a new PCF control and then perform npm install, npm reports 2 moderate vulnerabilities.

 


Performing npm audit points to the glob parent under the pcf-scripts

 


Steps to recreate

  1. Run "pac init" to create a new PCF (I've tried only the field template)
  2. Perform "npm install"

pac version: 1.9.4

 

Has anyone resolved this?

cchannon
Super User

Yes, I see the same results, but I don't see why you would be concerned: PCFs are not publicly facing sites when deployed: they are stored as a bundle in the webresources collection that has no directly accessible URL. There is no single URL path that would render the PCF as a freestanding page, therefore there is no way to hit it with a DDoS attack (and even if there were, the attack is on the powerapp that hosts it--not the PCF--and MSFT provides service protection limits to prevent such attacks), so the vulnerability identified is not valid for the way it will be deployed.
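
For triaging a finding like the one discussed in this thread, here is an added example (not code from either poster or from the PCF tooling) that traces each advisory in an `npm audit --json` report back to the direct dependency that pulls it in and reports whether that dependency is build-time only. The sample report and package.json are constructed, and listing `pcf-scripts` under `devDependencies` is an assumption.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// Package names come from the thread; the chain and all values are made up.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "glob-parent": {
      name: "glob-parent", severity: "moderate", isDirect: false,
      via: [{ name: "glob-parent", title: "constructed advisory", severity: "moderate" }],
      effects: ["pcf-scripts"],
    },
    "pcf-scripts": {
      name: "pcf-scripts", severity: "moderate", isDirect: true,
      via: ["glob-parent"], effects: [],
    },
  },
};
// Constructed package.json fragment; placing pcf-scripts here is an assumption.
const samplePackageJson = { dependencies: {}, devDependencies: { "pcf-scripts": "*" } };

// Follow "effects" upward until we reach packages listed directly in package.json.
function directRoots(report, name, seen = new Set()) {
  if (seen.has(name)) return []; // guard against dependency cycles
  seen.add(name);
  const entry = report.vulnerabilities[name];
  if (!entry) return [];
  const roots = entry.isDirect ? [name] : [];
  for (const parent of entry.effects || []) roots.push(...directRoots(report, parent, seen));
  return roots;
}

// One row per package that carries an advisory itself (object entries in "via");
// string entries in "via" only mean the finding propagated from a dependency.
function triage(report, pkg) {
  const dev = pkg.devDependencies || {}, prod = pkg.dependencies || {};
  const rows = [];
  for (const [name, entry] of Object.entries(report.vulnerabilities)) {
    if (!(entry.via || []).some((v) => typeof v === "object")) continue;
    const roots = [...new Set(directRoots(report, name))];
    let scope = "unknown"; // no direct root found: inspect by hand
    if (roots.length) scope = roots.every((r) => r in dev && !(r in prod)) ? "dev-only" : "runtime";
    rows.push({ package: name, severity: entry.severity, roots, scope });
  }
  return rows;
}

console.log(triage(sampleReport, samplePackageJson));
```

To use it on a real project, pass the parsed output of `npm audit --json` and the project's own `package.json` instead of the two constructed objects.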
