Usage
- Type a color in any format to get information.
- Apply commands on colors (pastel help for the complete command list)
- Get random/distinct colors in any format. Ex: random rgb
- Get gradients in any format. Ex: gradient white gray rgb
- Press Enter to copy the output
Last changelog:
Fix installer
Fix/improve installer and uninstall scripts:
* Check deps before proceeding to installation
* Fix service not running on startup
I am getting this message on npm audit:
# npm audit report
minimist <=1.2.5
Severity: high
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
No fix available
node_modules/minimist
optimist >=0.6.0
Depends on vulnerable versions of minimist
node_modules/optimist
dbus-native *
Depends on vulnerable versions of optimist
Depends on vulnerable versions of put
node_modules/dbus-native
put *
Sensitive Data Exposure in put - https://github.com/advisories/GHSA-v6gv-fg46-h89j
No fix available
node_modules/put
dbus-native *
Depends on vulnerable versions of optimist
Depends on vulnerable versions of put
node_modules/dbus-native
4 vulnerabilities (1 low, 2 moderate, 1 high)
Some issues need review, and may require choosing
a different dependency.
Not too well versed with it but is it okay to use it?
Hi, thanks for reporting,
After a bit of research I can confirm the presence of vulnerabilities in dependencies owned by dbus-native node library.
However, while they are in fact critical, there doesn't seem to be any real danger using it in the context of KRunner since it's executed locally and there aren't risks of a network attack vector. The affected environments are either application servers or web servers, which is not the case here.
Furthermore, the codebase doesn't comply with that vulnerability's requirements (evaluating a command or checking the privileges of a user).
You can read more about it here:
https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764
This issue was also addressed in the dbus-native repo, but so far developers have been using this library extensively
https://github.com/sidorares/dbus-native/issues/271
https://www.npmjs.com/package/dbus-native
One safe solution would be to port this to a Python package, but I don't have the time right now nor the motivation so I'll create a repo and let people port it if they want to.
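The dependency chain in the audit report above can be traced programmatically when triaging a "No fix available" result. This is an added example, not part of the original thread or the plugin's code; the sample object is constructed in the shape of `npm audit --json` output (report version 2), and marking dbus-native as a direct dependency is an assumption.

```javascript
// Constructed sample, reduced to the fields used below. Package names and
// advisory titles come from the report quoted above; isDirect is assumed.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    minimist: { name: "minimist", isDirect: false, effects: ["optimist"],
      via: [{ title: "Prototype Pollution in minimist" }], fixAvailable: false },
    optimist: { name: "optimist", isDirect: false, effects: ["dbus-native"],
      via: ["minimist"], fixAvailable: false },
    put: { name: "put", isDirect: false, effects: ["dbus-native"],
      via: [{ title: "Sensitive Data Exposure in put" }], fixAvailable: false },
    "dbus-native": { name: "dbus-native", isDirect: true, effects: [],
      via: ["optimist", "put"], fixAvailable: false },
  },
};

// For every package that carries its own advisory (an object in "via"),
// follow "effects" edges upward until a direct dependency is reached.
function advisoryChains(report) {
  const vulns = report.vulnerabilities || {};
  const chains = [];
  for (const entry of Object.values(vulns)) {
    const titles = (entry.via || [])
      .filter((v) => typeof v === "object")
      .map((v) => v.title);
    if (titles.length === 0) continue; // affected only through another package
    const walk = (name, path) => {
      const node = vulns[name];
      if (!node || path.includes(name)) return; // unknown package or cycle
      const next = [...path, name];
      if (node.isDirect) {
        chains.push({ titles, path: next, fixAvailable: Boolean(entry.fixAvailable) });
      }
      for (const parent of node.effects || []) walk(parent, next);
    };
    walk(entry.name, []);
  }
  return chains;
}

// Direct dependencies that would have to be replaced or patched.
function directCulprits(report) {
  const tops = advisoryChains(report).map((c) => c.path[c.path.length - 1]);
  return [...new Set(tops)].sort();
}

for (const c of advisoryChains(sampleReport)) {
  console.log(`${c.titles.join("; ")}: ${c.path.join(" -> ")}`);
}
```

On a real project the input would be the parsed output of `npm audit --json` in place of `sampleReport`.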
Ratings & Comments
3 Comments
Doesn't seem to be working. After install, it does not appear in the list of krunner search plugins.