Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities - Lets Get Started!
Announcing new navigation menus and the Engage with the Community forum!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps - Power Apps Pro Dev & ISV / PCF: 2 moderate severi...
Power Apps - Power Apps Pro Dev & ISV
Unanswered

PCF: 2 moderate severity vulnerabilities reported by NPM Audit

(0) ShareShare
ReportReport
Posted on by Community Power Pla...

Have anyone encountered this issue when I try to build a new PCF control then perform npm install, npm reports 2 moderate vulnerability? 

 

soup_0-1632233310080.png

 

 

Performing npm audit points to the glob parent under the pcf-scripts

 

soup_1-1632233311215.png

 

Steps to recreate

  1. Run "pac init" to create a new pcf (I've tried only field template)
  2. perform "npm install" 

pac version: 1.9.4

 

Have anyone resolved this? 

Categories:
Power Apps component framework
  • cchannon Profile Picture
    cchannon 4,702 Super User 2025 Season 1 on at
    Re: PCF: 2 moderate severity vulnerabilities reported by NPM Audit

    Yes, I see the same results, but I don't see why you would be concerned: PCFs are not publicly facing sites when deployed: they are stored as a bundle in the webresources collection that has no directly accessible URL. There is no single url path that would render the PCF as a freestanding page, therefore there is no way to hit it with a ddos attack (and even if there were, the attack is on the powerapp that hosts it--not the pcf--and MSFT provides service protection limits to prevent such attacks), so the vulnerability identified is not valid for the way it will be deployed.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities - Lets Get Started!
Announcing new navigation menus and the Engage with the Community forum!

Quick Links

Announcing the Engage with the Community forum!

This forum is your space to connect, share, and grow!

🌸 Community Spring Festival 2025 Challenge Winners! 🌸

Congratulations to all our community participants!

Warren Belz – Community Spotlight

We are honored to recognize Warren Belz as our May 2025 Community…

Leaderboard > Power Apps - Power Apps Pro Dev & ISV

#1
WarrenBelz Profile Picture

WarrenBelz 94 Most Valuable Professional

#2
Michael E. Gernaey Profile Picture

Michael E. Gernaey 72 Super User 2025 Season 1

#3
mmbr1606 Profile Picture

mmbr1606 71 Super User 2025 Season 1

Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)

Product updates

Microsoft Power Platform Community release plans