Uncontrolled Resource Consumption in ansi-html (CVE-2021-23424) is a vulnerability that won’t be fixed by the project’s author: the project has been abandoned, so there won’t be a patched version of ansi-html.
Fixing the ansi-html vulnerability
I published a fixed version of ansi-html, ansi-html-community, to npm. Its code is available in @mahdyar/ansi-html-community on GitHub. The commit that fixed the vulnerability is also available here.
You need to replace ansi-html with ansi-html-community in your package.json like this:
and import it like this:
A good example of implementing the fix is this commit: fix: replace ansi-html with ansi-html-community
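After the swap described above, a lockfile check shows whether any copy of ansi-html is still installed through another package. This is an added example, not code from the original post or from the ansi-html-community project; the sample lockfile, its version strings and the package name some-dev-server are constructed for illustration.

```javascript
// Added example: locate remaining copies of ansi-html in a parsed package-lock.json.
const NM = 'node_modules/';

// Return every installed copy of `name` (exact match, so ansi-html-community is not a hit).
function findPackage(lock, name) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(NM);
    if (idx !== -1 && path.slice(idx + NM.length) === name) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = trail + NM + dep;
      if (dep === name) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path + '/');
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Return install paths of packages that declare `name` as a dependency (v2/v3 lockfiles).
function dependents(lock, name) {
  return Object.entries(lock.packages || {})
    .filter(([, meta]) => Object.keys(meta.dependencies || {}).includes(name))
    .map(([path]) => path || '<root project>');
}

// Constructed sample lockfile; package "some-dev-server" and all versions are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { dependencies: { 'ansi-html-community': '*', 'some-dev-server': '*' } },
    'node_modules/ansi-html-community': { version: '0.0.0-sample' },
    'node_modules/some-dev-server': { version: '0.0.0-sample', dependencies: { 'ansi-html': '*' } },
    'node_modules/some-dev-server/node_modules/ansi-html': { version: '0.0.0-sample' },
  },
};

// For a real project: const lock = JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'));
console.log(findPackage(SAMPLE_LOCK, 'ansi-html'));
console.log(dependents(SAMPLE_LOCK, 'ansi-html'));
```

An empty result from `findPackage` means no copy of ansi-html is installed; a non-empty `dependents` list names the packages that still pull it in.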
Have fun and be safe! 🙂