Hello, I’m using the tool snyk to monitor my application for security vulnerabilities. It’s concerned about the shelljs package that Serverless has as a dependency.
As you can see here the issue is around the shell.exec()
function, which I can’t find being used in Serverless. Therefore, I think the vulnerability can be safely ignored. However, because shelljs is imported globally, I can’t actually figure out if it’s used at all.
Can anyone provide insight on where functions from shelljs are used in Serverless and whether it can be removed as a dependency?