Skip to main content

Fix example direct vulnerability for NPM

When your configuration file specifically references a library, Veracode SCA refers to the library as a direct dependency.

These example steps provide a fix for a Cross-site Scripting (XSS) Using Non-standard Encodings vulnerability in Express, version 4.1.1 in the example-javascript repository.

To complete this task:

  1. Run this command to edit the package.json file in the root of the project:

    npm install express@4.5.0 --save
  2. Validate the fix.