jay-jay
Frequent Visitor

Visual Object - node modules vulnerabilities

Hi,

I cloned a certified visual object code to add some modifications. In the GitHub repo there are no vulnerabilities reported, but when I install (through npm i) the necessary packages, the "npm audit" command finds some vulnerabilities.

I read at https://github.com/microsoft/PowerBI-visuals-tools/issues/383 that the right command to check vulnerabilities on a visual is "npm audit --production", because it does not consider devDependencies.

So I have 2 questions:

- Is the certified visual object continuously checked?
- Can I use the object without security issues?
Thanks,
Anonymous
Not applicable

Hi @jay-jay ,

 

1. There are some requirements and tests before a Power BI visual is certified.

You may refer to the blogs as below.

For reference:

Test a Power BI visual before submitting it

Certification requirements

2. This PR enables using the existing --production flag when running npm audit. Using this flag will ignore dev dependencies when assigning the requires constant that is passed to audit.generate.

For reference: Enable production flag for npm audit

 

Best Regards,
Rico Zhou

 

If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.

I read the documentation about certification requirements and one requirement is "the visual must not have vulnerabilities", but it is not guaranteed the visual will not have some in the future.

I cloned the chicletSlicer code from GitHub. The visual is developed with an old version of powerbi-visuals-tools: "npm i" finds some vulnerabilities; on the contrary, "npm i --production" doesn't find anything (all packages are in devDependencies). So can I suppose there are no vulnerabilities when I build the component through "pbiviz package", or do I have to set some configuration files?
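One way to see which audit findings sit only in the devDependencies tree that `npm audit --production` skips, as an added example that is not part of the thread or of any project mentioned in it. It assumes npm 7+ `npm audit --json` output (auditReportVersion 2) and a `package-lock.json` with lockfileVersion 2 or 3; the package names, sample data and the helper `splitAuditFindings` are constructed for illustration.

```javascript
// Constructed sample: trimmed package-lock.json (lockfileVersion 2/3 "packages" map).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "sample-visual", dependencies: { "runtime-lib": "^2.1.0" },
          devDependencies: { "build-tool": "^1.0.0" } },
    "node_modules/build-tool": { version: "1.0.0", dev: true },
    "node_modules/old-parser": { version: "0.3.1", dev: true },
    "node_modules/runtime-lib": { version: "2.1.0" },
    "node_modules/build-tool/node_modules/runtime-lib": { version: "1.0.0", dev: true },
  },
};

// Constructed sample: trimmed `npm audit --json` report (auditReportVersion 2).
const sampleAudit = {
  auditReportVersion: 2,
  vulnerabilities: {
    "old-parser": { name: "old-parser", severity: "high", nodes: ["node_modules/old-parser"] },
    "runtime-lib": { name: "runtime-lib", severity: "moderate",
      nodes: ["node_modules/runtime-lib", "node_modules/build-tool/node_modules/runtime-lib"] },
    "ghost-pkg": { name: "ghost-pkg", severity: "low", nodes: ["node_modules/ghost-pkg"] },
  },
};

// Hypothetical helper: bucket each finding by the lockfile flags of every
// install location ("nodes") the audit report lists for it.
function splitAuditFindings(audit, lock) {
  const packages = lock.packages || {};
  const result = { production: [], devOnly: [], unknown: [] };
  for (const vuln of Object.values(audit.vulnerabilities || {})) {
    const nodes = vuln.nodes || [];
    const entries = nodes.map((path) => packages[path]);
    let bucket;
    if (nodes.length === 0 || entries.some((e) => e === undefined)) {
      bucket = "unknown"; // report and lockfile disagree: never assume dev-only
    } else if (entries.every((e) => e.dev === true)) {
      bucket = "devOnly"; // every affected copy is installed for devDependencies only
    } else {
      bucket = "production"; // at least one copy is in the production tree
    }                        // (devOptional entries land here on purpose)
    result[bucket].push({ name: vuln.name, severity: vuln.severity, nodes });
  }
  return result;
}

console.log(JSON.stringify(splitAuditFindings(sampleAudit, sampleLock), null, 2));
```

Findings in the `unknown` bucket usually mean the lockfile is out of date with the audited tree and should be regenerated before drawing a conclusion.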
