❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

npm

https://amplearning.jfrog.io/artifactory/api/npm/amplify-npm

Step	Level	Description	Details
Setting the scanner configuration	⚠Warn	Failure to set private registries, due to an issue with the configuration provided by the user	no "registry" field corresponding to this url was found in the .npmrc files

You have successfully remediated 1 vulnerabilities, but introduced 1 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE	Severity	CVSS Score	Vulnerable Library	Suggested Fix	Issue	Reachability
CVE-2025-2306 Path to dependency file: /package.json Path to vulnerable library: /node_modules/mongoose/package.json Dependency Hierarchy: -> ❌ mongoose-8.5.2.tgz (Vulnerable Library)	Critical	9.4	mongoose-8.5.2.tgz	Upgrade to version: mongoose -6.13.6,7.8.4,8.9.5	#402

✔️ Remediated vulnerabilities:

CVE	Vulnerable Library
CVE-2024-47764	cookie-0.4.1.tgz

Base branch total remaining vulnerabilities: 16
Base branch commit: d78fa6c704e955e6c8c8cfced0439e66cf72809e


Total libraries scanned: 643

Scan token: 38a5b9ec44b94801aceb2dd4e5d96237