Bcrypt is triggering security scan alerts, is there any way to replace it?


#1

Title is pretty self explanatory.

The version of bcrypt being used by Meteor is using some (supposedly) insecure string writes that are triggering vulnerability scans for my application.

Is there any way to replace or upgrade bcrypt to prevent this without causing problems with Meteor?


#2

Which vulnerability scans are you running?


#4

Bump. Is there any way to uncouple/replace this library without removing Accounts completely? Or just upgrade it?


#5

Still an issue with me, and becoming more urgent by the day.

Do you think I could manually edit the packages.json to force a newer version of bcrypt?

I’ll go post to Fibers and ask them.