Mahdyar's Blog

My Thoughts

How to fix ansi-html vulnerability

Uncontrolled Resource Consumption in ansi-html (CVE-2021-23424) is a vulnerability that won’t be fixed upstream: the project has been abandoned by its author, so there won’t be a patched version of ansi-html.

Fixing the ansi-html vulnerability

I published a fixed version of ansi-html, ansi-html-community, to npm. Its code is available in @mahdyar/ansi-html-community on GitHub. The commit that fixed the vulnerability is also available here.

You need to replace ansi-html with ansi-html-community in your package.json like this:

update package.json

and import it like this:

update the import
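The two steps above can be applied mechanically across a project. The following is an added example, not code from this post or from ansi-html-community: the function names `migrateManifest` and `migrateSource`, the sample manifest, and the `<fixed-range>` version placeholder are all assumptions made for illustration.

```javascript
// Added example, not the author's code: swap ansi-html for ansi-html-community.
const OLD = 'ansi-html';
const NEW = 'ansi-html-community';
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Return a copy of a parsed package.json with OLD replaced by NEW in every
// dependency field. `range` is the version range to request for NEW; it is
// supplied by the caller (the page does not state one).
function migrateManifest(pkg, range) {
  const out = JSON.parse(JSON.stringify(pkg));
  const changed = [];
  for (const field of DEP_FIELDS) {
    const deps = out[field];
    if (deps && Object.prototype.hasOwnProperty.call(deps, OLD)) {
      delete deps[OLD];
      deps[NEW] = range;
      changed.push(field);
    }
  }
  return { pkg: out, changed };
}

// Rewrite require('ansi-html'), import('ansi-html') and `from 'ansi-html'`.
// The closing quote must follow the name directly, so 'ansi-html-community'
// and subpaths are left alone. This is a textual match: review the diff.
function migrateSource(code) {
  const spec = /(\b(?:require|import)\s*\(\s*|\b(?:from|import)\s*)(['"])ansi-html\2/g;
  let count = 0;
  const out = code.replace(spec, (m, head, q) => { count += 1; return head + q + NEW + q; });
  return { code: out, count };
}

// Constructed sample input: every name and version except the two packages is a placeholder.
const samplePkg = {
  name: 'sample-app',
  dependencies: { 'left-pad-sample': '^1.0.0' },
  devDependencies: { 'ansi-html': '^1.0.0' },
};
const sampleSrc = [
  "const ansiHTML = require('ansi-html');",
  'import convert from "ansi-html";',
  "const ok = require('ansi-html-community');",
].join('\n');

console.log(JSON.stringify(migrateManifest(samplePkg, '<fixed-range>').pkg, null, 2));
console.log(migrateSource(sampleSrc).code);
```

Replace `<fixed-range>` with the version of ansi-html-community you intend to install, then reinstall so the lockfile no longer resolves ansi-html for your direct dependency.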

A good example of implementing the fix is this commit: fix: replace ansi-html with ansi-html-community

Have fun and be safe! 🙂