web

You’re offline. This is a read only version of the page.

Skip to main content

Power Platform Community

Cancel

Search

Notifications

Announcements

Welcome to the Power Platform Communities

Season of Giving Solutions is Here!

Explore Copilot Studio Forums, Blogs & Galleries!

News and Announcements icon

Community site session details

Session Id :

Season of Giving Solutions is Here!

Power Platform Community / Forums / Power Apps / PCF: 2 moderate severi...

Power Apps

Unanswered

PCF: 2 moderate severity vulnerabilities reported by NPM Audit

edit

Subscribe (0)

Share

Report

Report

Posted on by Community Power Pla...

Have anyone encountered this issue when I try to build a new PCF control then perform npm install, npm reports 2 moderate vulnerability?

Performing npm audit points to the glob parent under the pcf-scripts

Steps to recreate

Run "pac init" to create a new pcf (I've tried only field template)
perform "npm install"

pac version: 1.9.4

Have anyone resolved this?

Categories:

Power Apps Pro Dev & ISV

I have the same question (0)

All responses Img

All responses (1)

Answers Img

Answers (0)

cchannon 4,702 Moderator on at

Like (0)

Report

Yes, I see the same results, but I don't see why you would be concerned: PCFs are not publicly facing sites when deployed: they are stored as a bundle in the webresources collection that has no directly accessible URL. There is no single url path that would render the PCF as a freestanding page, therefore there is no way to hit it with a ddos attack (and even if there were, the attack is on the powerapp that hosts it--not the pcf--and MSFT provides service protection limits to prevent such attacks), so the vulnerability identified is not valid for the way it will be deployed.

Was this reply helpful? Yes No

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Join the conversation

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Season of Giving Solutions is Here!

Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Subscribe to this forum!

Stay up to date on forum activity by subscribing.

Select categories

AI Builder

Building Power Apps

Connector development

Error handling

Experimental features

GCC, GCCH, DoD - Federal App Makers (FAM)

General topics

Governance & administering

Microsoft Dataverse with Power Apps

Power Apps Pro Dev & ISV

Power Query

Leaderboard > Power Apps

#1

WarrenBelz 721 Most Valuable Professional

#2

Michael E. Gernaey 320 Super User 2025 Season 2

#3

Power Platform 1919 268

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages

Gallery Tabs - Show or Hide Tabs based on Field Value

How to patch multiple records at once

Enable Copilot for end users in model-driven apps

Question for everyone : How are you using Create Text GPT in AI Builder?

Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)

Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans

Power Platform overview
Power BI
Power Apps
Power Pages
Power Automate
Copilot Studio

© Microsoft

Follow Power Platform

Manage Cookies
Privacy & cookies
Manage cookies
Terms of use
Trademarks

Your Privacy Choices Consumer Health Privacy

Messages

Profile
Messages
My activity
Sign out