Fix example direct vulnerability for NPM
When your configuration file specifically references a library, Veracode SCA refers to the library as a direct dependency.
These example steps provide a fix for a Cross-site Scripting (XSS) Using Non-standard Encodings vulnerability in Express, version 4.1.1 in the example-javascript repository.
To complete this task:
-
Run this command to edit the
package.json
file in the root of the project:npm install express@4.5.0 --save