Security Alerts: debug & ansi-regex Packages Compromised – How Are Others Handling This? | Node.js | Page 1

small temple Dec 8, 2025, 12:04 PM

#

Update

#

What is flagging those as compromised? What tool are you using for security scans?

#

4.4.1 of debug does not appear to be one of the compromised versions so I mistrust its output

quick adder Dec 8, 2025, 12:21 PM

#

You can check here. As a reference.

GitHub

Next.js is vulnerable to RCE in React flight protocol

surreal crescent Dec 8, 2025, 12:29 PM

#

That’s a completely different vulnerability in a completely different package

quick adder Dec 8, 2025, 12:34 PM

#

Yes this is related to next/react js

surreal crescent Dec 8, 2025, 2:24 PM

#

But it’s not related to packages you mentioned

#Security Alerts: debug & ansi-regex Packages Compromised – How Are Others Handling This?